xssless is an automated XSS payload generator written in python.
Usage
- Record request(s) with Burp proxy
- Select request(s) you want to generate, then right click and select “Save items”
- Use xssless to generate your payload: ./xssless.py burp_export_file
- Pwn!
Features
- Automated XSS payload generation from imported Burp proxy requests
- Payloads are 100% asynchronous and won’t freeze the user’s browser
- CSRF tokens can be easily extracted and set via the -p option
- POST multipart is supported, along with XSS file uploading via the -f option
- Payloads are dynamic and portable (due to relative URLs)
- Crazy JavaScript worms with no hassle!
Installation/Download
Download the latest xssless:
1 |
git clone https://github.com/mandatoryprogrammer/xssless |
Install dependencies:
1 |
pip install -r requirements.txt |
Run the script:
1 |
./xssless.py -h |
Or read more here.