kleiton0x00 edited this page Aug 24, 2020 · 8 revisions

What is xsscope.html and how do you use it?

After running server.py, you can safely send xsscope.html to anyone whose keystrokes you want to log or whose camera you want to hijack. XSScope can play 2 roles: a payload generator for bug hunting (performing XSS against vulnerable websites), or a malicious HTML file sent to a victim.

How do you use XSScope to hijack someone else's camera and keyboard?

After running server.py, send xsscope.html to the victim and wait for it to be opened.

How can XSScope be used in bug hunting?

Simply copy and paste the generated XSS payloads into the vulnerable website. It couldn't be much easier. XSScope targets all kinds of XSS (DOM, stored, reflected and blind XSS).

How good is the sustainability?

While sending the HTML payload to the victim, remember to keep server.py running; otherwise a new IP and port (used for port forwarding) will be generated. If you rerun the script, be aware that you will lose any connections you currently have or might have.

Can I customize the JS code in xsscope.js to create an external phishing website?

Yes, simply copy and paste xsscope.js into the HTML source code of the phishing page that you want to build. However, I am working on adding this feature to the software.
