Navigation

xssless – An Automated XSS Payload Generator Written In Python

January 6, 2014 | 2,785 views

xssless is an automated XSS payload generator written in python.

Usage

Record request(s) with Burp proxy
Select request(s) you want to generate, then right click and select “Save items”
Use xssless to generate your payload: ./xssless.py burp_export_file
Pwn!

Features

Automated XSS payload generation from imported Burp proxy requests
Payloads are 100% asynchronous and won’t freeze the user’s browser
CSRF tokens can be easily extracted and set via the -p option
POST multipart is supported, along with XSS file uploading via the -f option
Payloads are dynamic and portable (due to relative URLs)
Crazy JavaScript worms with no hassle!

Installation/Download

Download the latest xssless:

git clone https://github.com/mandatoryprogrammer/xssless

1	git clone https://github.com/mandatoryprogrammer/xssless

Install dependencies:

pip install -r requirements.txt

1	pip install -r requirements.txt

Run the script:

./xssless.py -h

1	./xssless.py -h

Or read more here.

Shares 33

Posted in: Hacking Tools, Web Hacking

asynchronous payloads, burp proxy xss, cross site forgery request, csrf, csrf tokens, portable xss payloads, Python, XSS, xss burp suite, xss payload generator, xssless

Recent in Hacking Tools:
- Bluto – DNS Recon, Zone Transfer & Brute Forcer
- dork-cli – Command-line Google Dork Tool
- T50 – The Fastest Mixed Packet Injector Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,024,720 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,611,108 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 707,927 views

Researchers Crack 4096-bit RSA Encryption With a Microphone

Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads

Comments are closed.