An automated XSS payload generator written in python.
Usage
- Record request(s) with Burp proxy
- Select request(s) you want to generate, then right click and select "Save items"
- Use xssless to generate your payload:
./xssless.py burp_export_file
- Pwn!
A more detailed tutorial can be found
hereFeatures
- Automated XSS payload generation from imported Burp proxy requests
- Payloads are 100% asynchronous and won't freeze the user's browser
- CSRF tokens can be easily extracted and set via the -p option
- POST multipart is supported, along with XSS file uploading via the -f option
- Payloads are dynamic and portable (due to relative URLs)
- Crazy JavaScript worms with no hassle!