xssless is an automated XSS payload generator written in python.
Usage
- Record request(s) with Burp proxy
- Select request(s) you want to generate, then right click and select “Save items”
- Use xssless to generate your payload: ./xssless.py burp_export_file
- Pwn!
Features
- Automated XSS payload generation from imported Burp proxy requests
- Payloads are 100% asynchronous and won’t freeze the user’s browser
- CSRF tokens can be easily extracted and set via the -p option
- POST multipart is supported, along with XSS file uploading via the -f option
- Payloads are dynamic and portable (due to relative URLs)
- Crazy JavaScript worms with no hassle!
Installation/Download
Download the latest xssless:
git clone https://github.com/mandatoryprogrammer/xssless
Install dependencies:
pip install -r requirements.txt
Run the script:
./xssless.py -h
Or read more here.
The post xssless – An Automated XSS Payload Generator Written In Python appeared first on Darknet - The Darkside.