mirror of
https://github.com/nettitude/xss_payloads.git
synced 2025-02-16 12:38:26 +00:00
Updated readme for recon.php
parent
73f11946bc
commit
51a3a1c4b5
1 changed files with 13 additions and 0 deletions
13
README.md
|
@ -46,6 +46,19 @@ Get the internal IP address of a victim and then have them do a TCP port scan of
|
|||
|
||||
Pop up a login page which sends the entered credentials back to this URL.
|
||||
|
||||
### recon.php ###
|
||||
|
||||
Passes back information about where it was executed:
|
||||
|
||||
- page URL
|
||||
- script URL
|
||||
- user's IP address
|
||||
- Page content
|
||||
- Any non HttpOnly cookies present
|
||||
- User agent string
|
||||
|
||||
And then logs it all into either a file or a database. Great for when a collaborator alert is generated asynchronously and you need more info about where execution is occuring.
|
||||
|
||||
### unc_hashstealer.php
|
||||
|
||||
Fire up Responder.py on the same host as this script and then inject this payload. All links on the injected page will be turned into UNC paths to the same host.
|
||||
|
|
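Review bot: the recon.php paragraph says the collected data is logged "into either a file or a database" but never says how that destination is selected or where the file is written. Because the listed fields include page content and non-HttpOnly cookies, the README should name the setting that controls this and state that the log has to sit outside the web root with restricted access. Smaller points in the same hunk: "occuring" should be "occurring", the heading `### recon.php ###` has closing hashes while `### unc_hashstealer.php` just below does not, and the list mixes lower-case ("page URL") and capitalised ("Page content", "User agent string") items.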