Payloads
Motivation
Usually, when probing functionality, we reuse payloads and watch how the app behaves. Commonly used payloads are saved somewhere, such as a GitHub repo, Obsidian, etc.
But when payloads are used to try to sniff out blind XSS, for example, we need a callback server. A simple find and replace to target the desired server can do the trick, but that functionality is easy enough that it can be part of the app. And especially if you have a callback server registered in the app, you can easily jump to payloads, modify variables, and copy the result!
Example of how to use payloads
In the Callbacks page, there is a tab named Payloads.
Payloads are grouped, so you can organize them however you feel appropriate.
When you create a payload group, you can open it. Each payload group consists of two parts:
- Variables
- Payloads
Now here is the interesting part. Variables are used to specify a value that you want; that value is filled in when you click Replace variables and copy.