Wrapper_JS


    
    Wrapper.js:327

append(sufix) → {Wrapper_JS}

Add a sufix to a payload

Parameters

Name	Type	Description
`sufix`	String	Sufix to add to the current payload

Returns

Type: Wrapper_JS


    
    Wrapper.js:247

appendScript(selectoropt) → {Wrapper_JS}

Transform any js code into an document.appendChild(script) payload.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().appendScript()
const c = w.wrap(p)

eval(c)

Parameters

Name	Type	Attributes	Default	Description
`selector`	string	<optional>	"body"	Css selector for the parent element

Returns

Type: Wrapper_JS


    
    Wrapper.js:213

dataUrl() → {Wrapper_JSDataUrl}

Transform any js code into a data: pseudo url.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().dataUrl()

const s = document.createElement('script')
s.src = w.wrap(p)
document.body.appendChild(s)

Returns

Type: Wrapper_JSDataUrl


    
    Wrapper.js:196

dataUrl64() → {Wrapper_JSDataUrl}

Transform any js code into a data: base64 encoded pseudo url.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().dataUrl64()

const s = document.createElement('script')
s.src = w.wrap(p)
document.body.appendChild(s)

Returns

Type: Wrapper_JSDataUrl


    
    Wrapper.js:338

enclose(prefix, sufix) → {Wrapper_JS}

Add a prefix and a sufix to a payload

Parameters

Name	Type	Description
`prefix`	String	Prefix to add to the current payload
`sufix`	String	Sufix to add to the current payload

Returns

Type: Wrapper_JS


    
    Wrapper.js:144

evalB64() → {Wrapper_JS}

Transform any js code into an eval(atob()) payload.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().evalB64()
const c = w.wrap(p)

eval(c)

Returns

Type: Wrapper_JS


    
    Wrapper.js:162

evalStringForCharCode() → {Wrapper_JS}

Transform any js code into an eval(String.fromCharCode(42, 42, ...)) payload.

Example

const p = Payload.new().evalStringForCharCode(() => alert(1))
const w = Wrapper.new().evalB64()
const c = w.wrap(p)

eval(c)

Returns

Type: Wrapper_JS


    
    Wrapper.js:279

imgError() → {Wrapper_HTML}

Transform any js code into a <img onerror> payload.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().imgError()

document.body.innerHTML = w.wrap(p)

Returns

Type: Wrapper_HTML


    
    Wrapper.js:293

inputFocus() → {Wrapper_HTML}

Transform any js code into a <input onfocus> payload.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().inputFocus()

document.body.innerHTML = w.wrap(p)

Returns

Type: Wrapper_HTML


    
    Wrapper.js:306

minify()

Minify the js code with uglify-js

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().minify()

eval(w.wrap(p))


    
    Wrapper.js:318

prepend(prefix) → {Wrapper_JS}

Add a prefix to a payload

Parameters

Name	Type	Description
`prefix`	String	Prefix to add to the current payload

Returns

Type: Wrapper_JS


    
    Wrapper.js:229

script() → {Wrapper_HTML}

Transform any js code into a &ltscript&gt element.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().script()

const i = document.createElement('iframe')
s.srcdoc = w.wrap(p)
document.body.appendChild(i)

Returns

Type: Wrapper_HTML


    
    Wrapper.js:265

svgLoad() → {Wrapper_HTML}

Transform any js code into a <svg onload> payload.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().svgLoad()

document.body.innerHTML = w.wrap(p)

Returns

Type: Wrapper_HTML


    
    Wrapper.js:126

templateString() → {Wrapper_JS}

Transform any js code into a template string payload without parenthesis.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().templateString()
const c = w.wrap(p)

eval(c)

Returns

Type: Wrapper_JS


    
    Wrapper.js:179

url() → {Wrapper_JSUrl}

Transform any js code into a javascript: pseudo url.

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().url()

document.location = w.wrap(p)

Returns

Type: Wrapper_JSUrl


    
    Wrapper.js:92

wrap(payload) → {string}

Wrap a payload or a string and return it a as string

Example

const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new()
const code = w.wrap(p)

eval(code)

Inherited From:

Wrapper#wrap

Parameters

Name	Type	Description
`payload`	Payload \| String	Payload to wrap

Returns

Type: string

Constructor

new Wrapper_JS()

Extends

Methods

append(sufix) → {Wrapper_JS}

Parameters

Returns

appendScript(selectoropt) → {Wrapper_JS}

Example

Parameters

Returns

dataUrl() → {Wrapper_JSDataUrl}

Example

Returns

dataUrl64() → {Wrapper_JSDataUrl}

Example

Returns

enclose(prefix, sufix) → {Wrapper_JS}

Parameters

Returns

evalB64() → {Wrapper_JS}

Example

Returns

evalStringForCharCode() → {Wrapper_JS}

Example

Returns

imgError() → {Wrapper_HTML}

Example

Returns

inputFocus() → {Wrapper_HTML}

Example

Returns

minify()

Example

prepend(prefix) → {Wrapper_JS}

Parameters

Returns

script() → {Wrapper_HTML}

Example

Returns

svgLoad() → {Wrapper_HTML}

Example

Returns

templateString() → {Wrapper_JS}

Example

Returns

url() → {Wrapper_JSUrl}

Example

Returns

wrap(payload) → {string}

Example

Parameters

Returns