Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hipotermia/vaya-ciego-nen
Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
https://github.com/hipotermia/vaya-ciego-nen
Last synced: about 1 month ago
JSON representation
Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
- Host: GitHub
- URL: https://github.com/hipotermia/vaya-ciego-nen
- Owner: hipotermia
- Created: 2019-08-01T19:03:54.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-01-20T00:21:54.000Z (almost 2 years ago)
- Last Synced: 2024-08-01T10:17:18.378Z (4 months ago)
- Language: JavaScript
- Size: 373 KB
- Stars: 40
- Watchers: 5
- Forks: 18
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-bugbounty-tools - vaya-ciego-nen - Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities. (Exploitation / XSS Injection)
README
# ⛔ DEPRECATED ⛔
Heroku instances are no longer free.
Please check [blinder](https://github.com/hipotermia/blinder) for an upgraded version to set up on your own VPS.# vaya-ciego-nen
**vaya-ciego-nen** is a tool that allows you to create your own webapp to detect, manage and exploit **Blind Cross-site scripting (XSS)** vulnerabilities.A more detailed guide about this tool can be found [here](https://hipotermia.pw/guide/vaya-ciego-nen).
## How does it work?
This webapp serves a malicious JavaScript payload that will execute if a XSS is present, retrieving cookies, a screenshot and more info. This info can be seen in a dashboard where you're able to manage all the triggers, which are stored in a PostgreSQL database.## Usage
The project is oriented to be deployed in a **free** [heroku](https://heroku.com) instance, but the changes are minimum if you want to use the code in your own server.First, you'll need to install [`heroku-cli`](https://devcenter.heroku.com/articles/heroku-cli) if you don't have it already. Then:
```
$ git clone https://github.com/hipotermia/vaya-ciego-nen
$ cd vaya-ciego-nen
$ heroku login
$ heroku create name_of_your_app
$ heroku addons:create heroku-postgresql:hobby-dev
```
Modify the file `config.py` with a username/password of your choice (used to access your dashboard), change the domain for your *name_of_your_app.herokuapp.com*, and finally:
```
$ git add .
$ git commit -m "letsgo"
$ git push heroku master
```
That's it! Now you have your own dashboard in *name_of_your_app.herokuapp.com/dashboard* and you just have to use your favorite payload like `">` to find blind XSS.## Not sure of which input triggered your payload?
Create different payloads for each input using `name_of_your_app.herokuapp.com/?extra` modifying the *extra* param and this will be visible on your dashboard to recognize it. You can use `/?email_input` for an email input for example.## HttpOnly on the session cookie?
No worries, use `name_of_your_app.herokuapp.com/phish` in your payload and instead of collecting info, a fake login panel will appear in the victim's browser and if he enters its credentials, they're going to be sent to your dashboard! A cookie will be set on the victim's browser to control the login panel just appears once to avoid suspicion.
> **Note:** Most bugbounties don't allow phishing attacks on their programs. Don't do this unless you're 100% sure you're allowed.