Easier XSS payloads using HttpPwnly
Quite often you can find a Cross-Site Scripting (XSS) vulnerability in a web application. The minimal approach is to inject a JavaScript "alert" that says hello or something similar. This can be enough if the customer is familiar with XSS and knows it is a risk they need to fix. If it is the first time that customer has ever heard of it, then you need to explain a lot more.
Enter HttpPwnly, which was written by my colleague Daniel Forse. It is a simple web-server-based application that gives you a fast interface for injecting your JavaScript commands into a victim's session. It is modelled on Burp Suite's "Repeater" feature; if you are familiar with that, you will have no problems making HttpPwnly work effectively.
To make it work you need to do the following:
- Hook a victim's browser with the HttpPwnly JavaScript file (the same approach as the BeEF project).
- Type JavaScript commands into the request box and send them.
No hidden magic; that is all that needs to be done. You can use the back and forward arrows at the top of the web page to operate exactly like Repeater.
This is not going to make an XSS payload for you. You will need to know JavaScript but you now have a simple way to test each iteration of your payload quickly until you get it correct.
I have used this on live engagements for a few months as a tool only available within Pentest Limited. It has helped me bash out better proof-of-concept payloads, appropriately tailored to the specific customer, faster than I could before.
Now that it has been published online, I am happy to tout this as something that is definitely worthwhile playing with.
Get it from our GitHub page at the URL below:
https://github.com/PentestLtd/HttpPwnly
Happy proof-of-concepting!
8 years ago: Sounds great. Can you load a file of JavaScript lets? And let it run one by one until a box is reflected back, say? Or is it simply a manual process, one by one?