Correlated injection proxy tool for XSS Hunter
This tool can be used to generate correlated XSS payloads, these payloads are tagged with a unique ID which can be used to track which HTTP request caused which XSS payload to fire. By using this tool all of your injection attempts are tracked and the reports you generate will have the responsible injection attempt included in the final output. This is useful since XSS payloads can often traverse multiple services (and even protocols) before firing, so it's not always clear what injection caused a certain XSS payload to fire.
pip install -r requirements.txt
./generate_config.pyand follow the steps mentioned.
mitmproxy -s mitm_xsshunter.py -p 1234
Using the client is simple, during the config generation you will set a list of dummy words, these are special strings which will be replaced upon being seen by the proxy tool. For example, one rule could have the dummy word be
https://example.comin the request it will automatically replace it with the