For Developers
Somdev Sangwan edited this page Nov 11, 2018 · 15 revisions
A thorough explanation of different modules and the overall workflow.
Documentation is in progress; check back later.
This file holds various variables that are used throughout the code.
Here's a comprehensive list of all the variables:
- changes: The changelog to be displayed when a user checks for updates.
- xsschecker: This non-malicious string is used as a probe to detect reflection contexts.
- minEfficiency: Payloads with efficiency lower than this value will not be displayed to the user.
- delay: Default delay between requests.
- threadCount: Default number of threads.
- timeout: Default HTTP request timeout.
- specialAttributes: HTML tag attributes that need to be treated specially because of their nature.
- badTags: HTML tags which need to be broken out of as the code within them is not evaluated by browsers.
- tags: Tags to be used while generating payloads.
- jsFillings: Characters that can be used around a JS function call without breaking the syntax.
- lFillings: Characters that can be used before > in an HTML tag.
- eFillings: Characters that can be used between = and a JavaScript function or event handler.
- fillings: Strings that can be used instead of a space.
- eventHandlers: Event handlers and the tags compatible with them, to be used while generating payloads.
- functions: JavaScript functions that serve as the POC of the payload.
- payloads: Payloads for filter and WAF evasion.
- fuzzes: Strings to be sent while fuzzing a target.
- headers: Default headers to be sent.
- blindParams: List of common parameter names for parameter discovery.