mirror of
https://github.com/nettitude/xss_payloads.git
synced 2025-02-16 12:38:26 +00:00
More readme info
This commit is contained in:
strawp
parent
8f185f22f5
commit
0258b2f699
2 changed files with 5 additions and 0 deletions
|
|
@ -34,6 +34,10 @@ Steal the content of the current page, a specific element or another page within
|
|||
|
||||
Steal cookies from the site.
|
||||
|
||||
### formjacker.php
|
||||
|
||||
Man-in-the-middle all forms on the current page and also exploit browser autofill functionality in order to steal personal information.
|
||||
|
||||
### formsubmitter.php
|
||||
|
||||
Grab a page from somewhere within the same origin, fill in a form on it and then submit that form.
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
// Formjacker
|
||||
/*
|
||||
Man-in-the-middle every form on the page so that it sends data via this script.
|
||||
All forms will submit to this script which will log all the form data and then submit to the original URL.
|
||||
Also add in invisible field elements to exploit browser autofill and extract form fill data (CC data, personal details etc) (https://github.com/anttiviljami/browser-autofill-phishing)
|
||||
Should automatically pick up CSRF tokens for standard HTML forms. Forms using AJAX requests and CSRF tokens in headers will fail.
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue