Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/fyxme/blistener

Blind-XSS listener with payloads to the target user's browser data including cookies, local/session storage, html code, screenshot of current page (HTTP listener optionally)
https://github.com/fyxme/blistener

blind-xss golang http http-listener javascript listener payloads xss

Last synced: 12 days ago
JSON representation

Blind-XSS listener with payloads to the target user's browser data including cookies, local/session storage, html code, screenshot of current page (HTTP listener optionally)

Lists

README 

        
# Blistener (Blind-XSS listener)



Code was written quickly during a CTF and should probably be refactored. Not going to change it for now since it's working. I'll refactor when I add new features to it.



It has 2 exploits, one which will take all data available on the page including the html code and the other which will also take a screenshot of the page as well as all the data on the page.



## Compiling



```

go build blistener.go

```



## Usage



1. Create an output directory where the listener will store html code and png images from the xss pages it identifies



2. Start the listener:

```

./blistener

```



3. Use one of the payloads to trigger an XSS 



## Exploit strings



```

# The normal payloads will grab all content from the page including the html source



# The extended payloads do the same as the normal payloads except that they also take a screenshot of the page 



# You call also use a normal request to make sure the XSS can be trigger such as:




# Simple cookie grabber



```



_Note: The listener is on port 8899 by default, change to another port if you need._



## Example trigger



![example trigger](.github/img/example.png)



## Todo



- Add cli flags

- Refactor code