Commit graph

33 commits

Author SHA1 Message Date
strawp
893d1e1898 Also hex escapes, why not 2021-08-05 17:07:35 +01:00
strawp
1562f11801 Added JS Unicode encoding 2021-08-04 16:33:22 +01:00
strawp
1801217236 Updated readme 2021-07-17 16:22:50 +01:00
strawp
8502427f7d Added encoding options 2021-07-16 17:34:38 +01:00
strawp
2019252010 Added custom element / event injection type 2019-08-09 14:15:34 +01:00
strawp
49b638e463 Resolved merge and bugs 2019-07-31 17:29:34 +01:00
strawp
6e8780e954 Merge conflict resolved 2019-07-31 17:27:28 +01:00
strawp
b8b866e91f Added in execution methods to pass payload strings into:
- eval()
 - Function()()
 - setTimeout()

and also referencing the above via the `window` object, e.g.

`window['eval']('alert(1)')`
2019-07-31 17:21:11 +01:00
strawp
d4a455a166 Added JSF*** obfuscation 2019-07-29 15:11:21 +01:00
strawp
61c2a79d12 Added JSFuck obfuscation 2019-07-17 18:16:04 +01:00
strawp
109b802a72 Visual tweaks 2019-05-31 11:19:05 +01:00
strawp
f8eaa24492 First reasonably working version 2019-05-31 10:48:16 +01:00
strawp
04b7d04105 Added dropper.php 2019-05-07 10:59:34 +01:00
strawp
b2ab0d0f54 Made confirmation message work on image load 2017-10-27 15:30:18 +01:00
strawp
329e5f48c1 Added paymentRequest API prompt 2017-10-27 12:06:11 +01:00
strawp
fc7d8d828b Changed to invoke login on window load 2017-03-01 10:49:19 +00:00
strawp
d58e3d52d3 Added state, county, fixed lists 2017-02-01 22:04:01 +00:00
strawp
0258b2f699 More readme info 2017-01-30 13:09:04 +00:00
strawp
8f185f22f5 Added formjacker.php - MitM web forms and exploit browser autofill 2017-01-30 13:02:37 +00:00
strawp
6607f04541 Added referer 2017-01-13 12:45:37 +00:00
strawp
6e4b5b6126 Missed the cookie column 2017-01-13 12:37:11 +00:00
strawp
51a3a1c4b5 Updated readme for recon.php 2017-01-13 12:29:25 +00:00
strawp
73f11946bc Added recon.php - situational awareness for executed XSS 2017-01-13 12:20:58 +00:00
strawp
9f768797b4 Updated readme 2016-08-31 11:36:23 +01:00
strawp
ecf457510b Trimmed blocked ports down, added logging to file 2016-08-31 11:14:44 +01:00
strawp
9274c0f670 Re-wrote contentstealer.php to use POST and async XHRs 2016-08-31 11:13:19 +01:00
Strawp
2d31072193 Changed UNC hash stealer to re-write all links on the page to UNC path 2016-08-02 17:05:09 +01:00
Strawp
298e52fccd Added UNC hash stealer 2016-08-02 16:53:04 +01:00
Strawp
0e5e27f0b4 Correctly completes port scan, reports internal IP with each open port 2016-05-23 11:03:55 +01:00
Strawp
caa435d214 Added readme info 2016-05-19 11:48:29 +01:00
Strawp
6271f0acb0 Working local network portscanner 2016-05-18 17:41:46 +01:00
Strawp
dab2088267 Added the PHP xss payloads 2016-05-18 14:21:52 +01:00
Strawp
79558b73e2 first commit 2016-05-18 14:14:39 +01:00