XSS to Account Takeover Toolkit

XSS to Account Takeover — Payload Collection

Collection of payloads XSS designeds no only for demostrar alert(1), sino for lograr impacto real:

n
• Cookie Exfilterstor — Payload that sends document.cookie a tu server, with bypass of CSP via DNS prefetch and WebRTC.
n
• DOM Keylogger — Script injectsble that captures all the pulsaciones of keyboard in the page and the sends in batches.
n
• Session Hijacker — Roba the token of session and lo uses for clonar the session of the user in tu navegador.
n
• In-Page Phishing — Inyecta a formulario of login falso on the page real, captures credentials.
n
• CSP Bypass Collection — 20+ techniques for bypassear Content Security Policy: JSONP callbacks, Angular template injection, base-uri abuse.
n
• Polyglot payloads — Payloads that worksn in multiple contextos (HTML, JS, attribute, URL).
n