
XSS Test (Educational Purposes Only)

Mar 19th, 2025
  // Floating panel that holds the tool's controls. It is pinned to the
  // bottom-left corner of the viewport and created hidden.
  const xssMenu = document.createElement('div');
  xssMenu.id = 'xss-menu';
  Object.assign(xssMenu.style, {
    position: 'fixed',
    bottom: '20px',
    left: '20px',
    zIndex: '9999',
    backgroundColor: '#222',
    color: '#fff',
    padding: '15px',
    borderRadius: '10px',
    width: '320px',
    fontFamily: 'Arial, sans-serif',
    boxShadow: '0 5px 15px rgba(0, 0, 0, 0.3)',
    display: 'none', // hidden until the toggle button's click handler shows it
    transition: 'transform 0.3s ease, opacity 0.3s ease',
  });

  // Toggle button for the panel; its zIndex (10000) keeps it above the panel (9999).
  const xssMenuButton = document.createElement('button');
  xssMenuButton.textContent = '☰ XSS Menu';
  Object.assign(xssMenuButton.style, {
    position: 'fixed',
    bottom: '15px',
    left: '20px',
    zIndex: '10000',
    padding: '10px 15px',
    backgroundColor: '#444',
    color: '#fff',
    border: 'none',
    borderRadius: '5px',
    cursor: 'pointer',
    transition: 'background 0.2s ease, transform 0.1s ease',
  });

  // Hover feedback: lighten on enter, restore on leave.
  xssMenuButton.onmouseover = () => {
    xssMenuButton.style.backgroundColor = '#555';
  };
  xssMenuButton.onmouseout = () => {
    xssMenuButton.style.backgroundColor = '#444';
  };

  // Press feedback: shrink slightly while the mouse button is held down.
  xssMenuButton.onmousedown = () => {
    xssMenuButton.style.transform = 'scale(0.95)';
  };
  xssMenuButton.onmouseup = () => {
    xssMenuButton.style.transform = 'scale(1)';
  };

  // Show the panel when it is hidden, hide it otherwise.
  xssMenuButton.onclick = () => {
    const isHidden = xssMenu.style.display === 'none';
    xssMenu.style.display = isHidden ? 'block' : 'none';
  };

  // Mount both elements as direct children of <body>: button first, then panel.
  document.body.append(xssMenuButton, xssMenu);

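  // Payload list persisted under the 'xssPayloads' localStorage key.
  // localStorage is shared with every script running on the current origin,
  // so the stored value is treated as untrusted input: malformed JSON, a
  // non-array value, or non-string entries must not abort the script or reach
  // the code that iterates the list.
  let xssPayloads = [];
  try {
    const storedPayloads = JSON.parse(localStorage.getItem('xssPayloads'));
    // JSON.parse(null) yields null when the key is absent; only a real array is accepted.
    if (Array.isArray(storedPayloads)) {
      xssPayloads = storedPayloads.filter((entry) => typeof entry === 'string');
    }
  } catch (err) {
    // Unreadable storage or invalid JSON: continue with an empty list.
    console.warn('Could not read stored xssPayloads, starting with an empty list:', err);
  }

  // Scrollable <ul> inside the panel that displays the current payloads.
  const xssPayloadsList = document.createElement('ul');
  Object.assign(xssPayloadsList.style, {
    maxHeight: '150px',
    overflowY: 'auto',
    border: '1px solid #555',
    padding: '5px',
    marginBottom: '10px',
    listStyle: 'none',
    fontSize: '14px',
  });
  xssMenu.appendChild(xssPayloadsList);
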
  // Status banner, horizontally centered near the bottom of the viewport.
  // It starts hidden and is mounted directly on <body>, outside the panel.
  const notification = document.createElement('div');
  Object.assign(notification.style, {
    position: 'fixed',
    bottom: '60px',
    left: '50%',
    transform: 'translateX(-50%)', // shift back by half its width to center it
    backgroundColor: '#4CAF50',
    color: 'white',
    padding: '10px 20px',
    borderRadius: '5px',
    fontSize: '14px',
    boxShadow: '0 2px 10px rgba(0,0,0,0.2)',
    display: 'none',
  });
  document.body.appendChild(notification);

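  /**
   * Show a transient message in the notification banner for 2 seconds.
   *
   * The text is assigned through textContent, so it is rendered as plain text
   * and never parsed as HTML, whatever the message contains.
   *
   * @param {string} message - Text to display.
   * @param {string} [color='#4CAF50'] - CSS background color of the banner.
   * @returns {void}
   */
  function showNotification(message, color = '#4CAF50') {
    notification.textContent = message;
    notification.style.backgroundColor = color;
    notification.style.display = 'block';

    // Cancel the hide scheduled by an earlier call; otherwise that older timer
    // would hide this message before its own 2 seconds have elapsed.
    clearTimeout(showNotification.hideTimer);
    showNotification.hideTimer = setTimeout(() => {
      notification.style.display = 'none';
    }, 2000);
  }
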
  // Thin progress strip along the bottom edge of the panel; hidden until
  // startLoading() shows it.
  const loadingBar = document.createElement('div');
  Object.assign(loadingBar.style, {
    width: '100%',
    height: '5px',
    backgroundColor: '#4CAF50',
    position: 'absolute',
    bottom: '0',
    left: '0',
    transition: 'width 2s ease', // the width change is animated over 2 seconds
    display: 'none',
  });
  xssMenu.appendChild(loadingBar);

  /**
   * Play the loading-bar animation once.
   *
   * The bar is driven purely by timers: it is reset to 0% width, widened to
   * 100% after 100 ms, and hidden again 2 seconds after the call. It does not
   * track the progress of any other operation.
   *
   * @returns {void}
   */
  function startLoading() {
    Object.assign(loadingBar.style, { width: '0%', display: 'block' });

    const expand = () => {
      loadingBar.style.width = '100%';
    };
    const hide = () => {
      loadingBar.style.display = 'none';
    };

    setTimeout(expand, 100);
    setTimeout(hide, 2000);
  }

  /**
   * Rebuild the visible payload list from the current xssPayloads array.
   *
   * Each entry becomes a clickable <li>; clicking it passes that payload to
   * injectPayload(). The payload text is assigned through textContent, so the
   * panel displays it as text and does not parse it as markup.
   *
   * @returns {void}
   */
  function refreshPayloadList() {
    xssPayloadsList.innerHTML = ''; // drop the previously rendered items
    for (const payload of xssPayloads) {
      const item = document.createElement('li');
      item.textContent = payload;
      Object.assign(item.style, { cursor: 'pointer', padding: '3px' });
      item.onclick = () => injectPayload(payload);
      xssPayloadsList.appendChild(item);
    }
  }
  // Render the list that was loaded from localStorage.
  refreshPayloadList();

  // Free-text entry for new payloads, one per line.
  const payloadInput = document.createElement('textarea');
  payloadInput.placeholder = 'Enter XSS payloads (one per line)';
  Object.assign(payloadInput.style, {
    width: '100%',
    height: '80px',
    marginBottom: '10px',
  });
  xssMenu.appendChild(payloadInput);

  // "Apply" merges the textarea's lines into the stored payload list.
  const applyButton = document.createElement('button');
  applyButton.textContent = 'Apply Payloads';
  applyButton.style.width = '100%';
  applyButton.onclick = () => {
    // One payload per line; surrounding whitespace and empty lines are dropped.
    const enteredLines = payloadInput.value
      .split('\n')
      .map((line) => line.trim())
      .filter((line) => line.length > 0);

    // A Set keeps first-seen order and discards repeats.
    const merged = new Set(xssPayloads);
    for (const line of enteredLines) {
      merged.add(line);
    }
    xssPayloads = [...merged];

    // The list is written as JSON to the localStorage of the page's origin,
    // where it stays until the reset button removes it.
    localStorage.setItem('xssPayloads', JSON.stringify(xssPayloads));

    refreshPayloadList();
    payloadInput.value = ''; // empty the textarea for the next batch
    startLoading();
    showNotification('Payloads Applied!');
  };
  xssMenu.appendChild(applyButton);

  // "Inject All" plays the loading animation, then runs every stored payload
  // through injectIntoAllFields().
  const injectAllButton = document.createElement('button');
  injectAllButton.textContent = 'Inject All Payloads';
  injectAllButton.style.width = '100%';
  injectAllButton.onclick = () => {
    const runInjection = () => {
      injectIntoAllFields();
      showNotification('Payloads Injected!');
    };

    startLoading();
    // The 2000 ms delay matches the length of the loading animation.
    setTimeout(runInjection, 2000);
  };
  xssMenu.appendChild(injectAllButton);

  // "Reset" clears the payload list both in memory and in localStorage.
  const resetButton = document.createElement('button');
  resetButton.textContent = 'Reset Payloads';
  Object.assign(resetButton.style, {
    width: '100%',
    backgroundColor: 'red',
    color: 'white',
  });
  resetButton.onclick = () => {
    // Remove the persisted copy first, then empty the in-memory list.
    localStorage.removeItem('xssPayloads');
    xssPayloads = [];
    refreshPayloadList();
    showNotification('Payloads Reset!', 'red');
  };
  xssMenu.appendChild(resetButton);

  // "Check All Reflections" button: runs checkAllReflections() against the
  // page as it is currently rendered.
  const checkReflectionsButton = document.createElement('button');
  checkReflectionsButton.textContent = 'Check All Reflections';
  Object.assign(checkReflectionsButton.style, {
    width: '100%',
    marginTop: '5px',
  });
  checkReflectionsButton.onclick = () => {
    checkAllReflections();
  };
  xssMenu.appendChild(checkReflectionsButton);

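  /**
   * Report which stored payloads appear verbatim in the page's serialized DOM.
   *
   * The tool's own panel, toggle button and notification banner are children
   * of document.body and display the payload text themselves, so their markup
   * is removed from the searched HTML first. Without that step any payload
   * free of HTML metacharacters matches the tool's own list and is reported
   * as reflected on every page.
   *
   * A match means only that the string is present in body.innerHTML. innerHTML
   * is a re-serialization of the parsed DOM (text is entity-escaped,
   * attributes are re-quoted), so an encoded reflection does not match, and a
   * match by itself does not show that any script executed.
   *
   * @returns {void} Results go to the notification banner and, for matches,
   *   to the console.
   */
  function checkAllReflections() {
    // Serialize the page once instead of once per payload.
    let pageHtml = document.body.innerHTML;
    for (const ownNode of [xssMenu, xssMenuButton, notification]) {
      // Each of these was appended directly to <body>, so its outerHTML occurs
      // verbatim in body.innerHTML; a string pattern is matched literally.
      pageHtml = pageHtml.replace(ownNode.outerHTML, '');
    }

    const foundReflections = xssPayloads.filter((payload) => pageHtml.includes(payload));

    if (foundReflections.length > 0) {
      showNotification(`Potential XSS found! Payloads: ${foundReflections.join(", ")}`, "orange");
      console.log("Reflected Payloads:", foundReflections);
    } else {
      showNotification("No reflections detected!", "#FFD700");
    }
  }
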
  /**
   * Write one payload into the page's text-entry elements, then submit the
   * page's forms.
   *
   * Matched elements: text and search inputs, textareas, and elements with
   * contenteditable='true'. Assigning .value changes form controls; on a
   * non-form element matched through contenteditable it only sets a plain
   * property and leaves the displayed content as it was.
   *
   * Every <form> in the document is then submitted, not only the forms that
   * contain a filled field: through its first [type=submit] control when it
   * has one, otherwise through form.submit().
   * NOTE(review): forms with state-changing actions are submitted too, and a
   * submission that navigates the page unloads this script, so later forms
   * may never be reached. Narrow the selectors to the forms under test.
   *
   * @param {string} payload - Text assigned to every matched element.
   * @returns {void}
   */
  function injectPayload(payload) {
    const fieldSelector =
      "input[type='text'], input[type='search'], textarea, [contenteditable='true']";
    for (const field of document.querySelectorAll(fieldSelector)) {
      field.value = payload;
    }

    for (const form of document.querySelectorAll("form")) {
      const submitControl = form.querySelector("[type=submit]");
      if (submitControl) {
        submitControl.click();
      } else {
        form.submit();
      }
    }
  }

  /**
   * Run injectPayload() once for each stored payload, in list order.
   *
   * Each call overwrites the field values set by the previous call and
   * submits the page's forms again.
   *
   * @returns {void}
   */
  function injectIntoAllFields() {
    for (const payload of xssPayloads) {
      injectPayload(payload);
    }
  }
