xssless: An Automated XSS Payload Generator
Xssless is an automated XSS payload generator written in python.
Run the script:
Download and read more at
Usage
- Record request(s) with Burp proxy
- Select request(s) you want to generate, then right click and select "Save items"
- Use xssless to generate your payload:
./xssless.py burp_export_file - Pwn!
Features
- Automated XSS payload generation from imported Burp proxy requests
- Payloads are 100% asynchronous and won't freeze the user's browser
- Payloads are optimized, but should be minimized by a third party tool
- CSRF tokens can be easily extracted and set via the -p option
- POST multipart is supported, along with XSS file uploading via the -f option
- Payloads are dynamic and portable (due to relative URLs)
- Self propagation is now supported - meaning you can set a POST value to the payload itself!
- Crazy JavaScript worms with no hassle!
Installation
Download the latest xssless:git clone https://github.com/mandatoryprogrammer/xsslessRun the script:
./xssless.py -hDownload and read more at
