A live copy of the application can be found here.
What Can I Do with XSS Chef?
The current set of recipes can be found below, along with a description of what they allow you to do:
- Alert – Display an alert in the user’s browser
- Body Replacer – Replace the inner HTML of the document body with custom markup
- Cookie Exfiltrator – Exfiltrate one or more cookies to an external web server
- Decimal Encoder – Encode the payload into a comma-separated array of decimal numbers
- Link Hijacker – Change the href attribute of all links on the page to point to a different URL
- Keylogger – Log all key presses on the page and submit them back to a web server
- String Exfiltrator – Request a resource from the target’s browser and exfiltrate the data
- WordPress: Create User – Create a new WordPress user account on the target system
git clone https://github.com/rastating/xss-chef.git
- For a production build, run: yarn build
- For a development build, run: yarn build-dev