26 lines
1.1 KiB
Markdown
26 lines
1.1 KiB
Markdown
### JS-INJECT
|
|
|
|
A simple yet powerful proxy module that lets you inject your JavaScript payloads into any HTTP web page/application.
|
|
|
|
It prevents re-initiation of your script when it's already active in the DOM by declaring your payload as a unique function variable, and in some cases ignores the `X-Content-Type-Options: nosniff` header by checking for both `Content-Type` headers and file extensions.
|
|
|
|
All you have to do is set your payload path in the caplet file.
|
|
|
|
**jsinject/jsinject.cap**
|
|
|
|
```sh
|
|
# Set the path to your JavaScript payload
|
|
set jsinject.payload jsinject/payloads/form-phisher.js
|
|
|
|
set http.proxy.script jsinject/jsinject.js
|
|
set net.sniff.verbose false
|
|
net.sniff on
|
|
http.proxy on
|
|
```
|
|
|
|
<hr>
|
|
|
|
### Included payload
|
|
|
|
<b><a href="./payloads/form-phisher.js">form-phisher.js</a></b> is included, which will wait for the victim to press a key before binding to the enter key, mouse click, screen tap and submit events in order to phish all the fields. This can be useful when you want to sniff proxied forms that are submitted over HTTPS, don't use URL parameters, etc.
|