XSS Hunter Correlated Injection API Doc

This document is meant to outline the single API endpoint required to build an XSS Hunter compatible correlated injection tool.

Endpoint

https://api.xsshunter.com/api/record_injection

Content-Type

application/json

Parameters

request - This is the request that was performed with the unique injection_key. This could be an HTTP request or another protocol.

owner_correlation_key - This is the key exposed under the "Settings" tab of the XSS Hunter website. It is unique to each account and should not be shared between users.

injection_key - This is the unique key used for each injection. Generation of these keys is up to the creator of the tool.

Example HTTP Request/Response

POST /api/record_injection HTTP/1.1
Host: api.xsshunter.com
User-Agent: xsshunter_client
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Referer: https://xsshunter.com/app
Content-Length: 196
Connection: close

{"request":"GET / HTTP/1.1...","owner_correlation_key":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "injection_key":"UNIQUE_REQUEST_KEY"}
HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Thu, 24 Mar 2016 05:06:33 GMT
Content-Type: application/json
Connection: close
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Methods: OPTIONS, PUT, DELETE, POST, GET
Strict-Transport-Security: max-age=0; includeSubDomains
Pragma: no-cache
Access-Control-Allow-Credentials: true
X-Frame-Options: deny
Access-Control-Allow-Headers: X-CSRF-Token, Content-Type
Access-Control-Allow-Origin: https://xsshunter.com
CF-RAY: 2887982ed5e32864-SJC
Content-Length: 72

{"message": "Injection request successfully recorded!", "success": true}

Example Client

Please see https://github.com/mandatoryprogrammer/xsshunter_client for an example client built off of this API.
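
The request documented above can also be built with the Python standard library alone. This is an added example, not code from the XSS Hunter project or from xsshunter_client; the function names, the XSSHUNTER_CORRELATION_KEY environment variable, the 128-bit random key format and the app.example host are assumptions.

```python
import json
import os
import secrets
import urllib.request

ENDPOINT = "https://api.xsshunter.com/api/record_injection"  # from this document


def new_injection_key() -> str:
    """Key generation is left to the tool; 128 random bits is an assumption."""
    return secrets.token_hex(16)


def build_record_request(raw_request, owner_key, injection_key):
    """Build the POST the endpoint expects, without sending it."""
    if not owner_key or not injection_key:
        raise ValueError("owner_correlation_key and injection_key are required")
    body = json.dumps({
        "request": raw_request,
        "owner_correlation_key": owner_key,
        "injection_key": injection_key,
    }).encode("utf-8")
    return urllib.request.Request(
        ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/json; charset=utf-8",
                 "Accept": "application/json"},
    )


def record_injection(raw_request, owner_key, injection_key, timeout=10) -> bool:
    """Send the record and return the "success" flag from the JSON reply."""
    req = build_record_request(raw_request, owner_key, injection_key)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp).get("success") is True


if __name__ == "__main__":
    # The per-account key is a secret: read it from the environment
    # (variable name is an assumption) rather than hard-coding it.
    owner_key = os.environ["XSSHUNTER_CORRELATION_KEY"]
    key = new_injection_key()
    # Constructed sample request carrying the key, for illustration only.
    sample = f"GET /search?q={key} HTTP/1.1\r\nHost: app.example\r\n\r\n"
    print("recorded:", record_injection(sample, owner_key, key))
```

Building the request separately from sending it lets a tool log or queue the record before any network call is made.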
