pentest-xss

Warn

Audited by Socket on Feb 24, 2026

2 alerts found:

Security: MEDIUM
examples/match-and-replace-examples.md

The fragment is explicit offensive guidance for injecting XSS and exfiltrating browser data via Burp Suite rules and payloads. It contains actionable, weaponizable patterns (remote script loading, fetch-based cookie exfiltration, and eval-decoded payloads). This is dual-use content but presents a high security risk if found in a dependency intended for general consumption. Recommend restricting distribution, removing hard-coded exfil endpoints, or placing in an explicitly authorized pentest-only repository with access controls and clear disclaimers.

Confidence: 80% | Severity: 90%

Security: MEDIUM
resources/blind-xss-guide.md

This document is an explicit exploitation guide for blind/stored XSS that instructs how to inject persistent script payloads (including via common HTTP headers) and detect execution via an OOB callback. It provides actionable payloads and automation guidance, which can be used for both legitimate security testing and malicious abuse. Treat this artifact as a high-risk enabling document for web-application compromise; distribution or embedding in packages/modules intended for broad consumption would present a significant security hazard.

Confidence: 90% | Severity: 90%

Audit Metadata

Analyzed At: Feb 24, 2026, 12:37 PM
Package URL: pkg:socket/skills-sh/crtvrffnrt%2Fskills%2Fpentest-xss%2F@5f7d990f28af2f0b56906d388b4fe9662024c537