xssless: An Automated XSS Payload Generator

Xssless is an automated XSS payload generator written in python.


  1. Record request(s) with Burp proxy
  2. Select request(s) you want to generate, then right click and select "Save items"
  3. Use xssless to generate your payload: ./ burp_export_file
  4. Pwn!


  • Automated XSS payload generation from imported Burp proxy requests
  • Payloads are 100% asynchronous and won't freeze the user's browser
  • Payloads are optimized, but should be minimized by a third party tool
  • CSRF tokens can be easily extracted and set via the -p option
  • POST multipart is supported, along with XSS file uploading via the -f option
  • Payloads are dynamic and portable (due to relative URLs)
  • Self propagation is now supported - meaning you can set a POST value to the payload itself!
  • Crazy JavaScript worms with no hassle!


Download the latest xssless:

git clone

Run the script:
./ -h

Download and
xssless: An Automated XSS Payload Generator Reviewed by Ethical Hacking on 8:50 AM Rating: 5

No comments:

Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.