/bxss-flask

This Flask application provides a user-friendly web interface for logging data along with timestamps and IP addresses. The logged data is stored in both a text file (results.txt) and an HTML file (results.html) to facilitate easy tracking and visualization of the recorded information.

Primary LanguagePython

Blind XSS probe POC

The idea behind this POC is when an attacker is testing for XSS which she can't verify, the probe can be injected which when triggered (if triggered) will show up on the back-end site.

Installation

  • Get a digital ocean account. You can click this link for $100 free credit across first 60 days: https://m.do.co/c/316c3be750a9
  • Create a basic droplet, install Python3 and Flask
  • Upload the store.py and run it: python3 store.py
  • Start using your probe!

Read more

You can find out more details in my blogpost: http://coffeesec.net/posts/blind-xss-digital-ocean/