❓ How to Use the Payload Generator

The Payload Generator (Feature 4) is designed for penetration testers to test for common vulnerabilities like SQLi, XSS, LFI, and more.

Step-by-step Instructions:

  1. Select a Payload:
    Use the dropdown menu labeled "-- Select Payload --" to choose from categories like SQL Injection, Command Injection, or HTML Injection.
  2. Preview or Edit Payload:
    The selected payload will appear in the text field below the dropdown. You can also type your own custom payloads here.
  3. Save or Load:
    Click Save to store a custom payload locally. Use Load to view saved payloads again.
  4. Inject Script:
    Press the green "Inject Script" button to inject the selected payload into the active tab's DOM or form fields.
  5. Auto-submit:
    Check the box if you want the extension to automatically submit the form after payload injection.
  6. Encode Options:
    - Encode URI for URL encoding
    - Base64 to encode payloads
    - HTML Escape for sanitization testing
  7. Scan Options:
    - Fuzz Params will inject common payloads into URL and form fields.
    - Scan DOM Sinks checks the page for known XSS sink points like innerHTML, eval, etc.
    - Scan Storage Leaks checks localStorage and sessionStorage for sensitive info.
    - Scan iFrame & CSP detects unauthorized iframe injections or missing CSP headers.
  8. Export Reports:
    - Export JSON / CSV / PDF will generate downloadable reports based on your testing activity.
  9. Auto-Run:
    Enable "Auto-run tests on page load" to have the extension automatically test for vulnerabilities every time a new page is loaded.
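
The three Encode Options (step 6) are plain string transformations, and "HTML Escape for sanitization testing" is only meaningful if you can check that the escaped output really is inert markup. The following is an added example, not code from the extension itself; the function names (encodeUri, encodeBase64, htmlEscape, isMarkupInert, encodeAll) are my own and the sample strings are constructed. It runs in Node as well as in a browser.

```javascript
// Added example (not the extension's own code): the three encodings behind
// the "Encode Options" checkboxes, plus a check that HTML escaping actually
// neutralises markup delimiters. Function names are assumptions of this example.

// Percent-encoding for placing a value in a URL query parameter.
function encodeUri(payload) {
  return encodeURIComponent(payload);
}

// Base64 of the UTF-8 bytes (Buffer in Node, TextEncoder + btoa in browsers).
function encodeBase64(payload) {
  if (typeof Buffer !== 'undefined') {
    return Buffer.from(payload, 'utf8').toString('base64');
  }
  const bytes = new TextEncoder().encode(payload);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// HTML-escape the five characters that can open or close markup and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlEscape(payload) {
  return payload.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Sanitisation check: after escaping, no tag or attribute delimiter survives and
// every ampersand belongs to one of our own entities, so a reflected value can
// no longer become an element, an attribute or a script.
function isMarkupInert(escaped) {
  return !/[<>"']/.test(escaped) && !/&(?!amp;|lt;|gt;|quot;|#39;)/.test(escaped);
}

// Convenience wrapper mirroring the three checkboxes at once.
function encodeAll(payload) {
  return {
    raw: payload,
    uri: encodeUri(payload),
    base64: encodeBase64(payload),
    html: htmlEscape(payload),
  };
}

// Constructed sample input, showing which form a target would receive.
console.log(encodeAll('<b>"hi" & \'bye\'</b>'));
```

When testing a reflection point, compare the response against the html form: if the raw characters come back instead of the entities, the application is not escaping that parameter for an HTML context.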
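
The Scan Options (step 7) "Scan Storage Leaks" and "Scan DOM Sinks" are audits of what a page leaves in Web Storage and which markup or code sinks its inline scripts use. The block below is an added example of that kind of check, not the extension's own implementation; the names findStorageLeaks, findDomSinks and scanPage, the regular expressions, and the sample storage contents and script text are all constructed for this example. The core functions take plain inputs so they run in Node as well as in a browser.

```javascript
// Added example (not the extension's own code): a storage-leak audit and an
// inline-script sink scan of the kind the "Scan Storage Leaks" and
// "Scan DOM Sinks" options perform. All names and patterns are assumptions.

// Key names and value shapes that usually indicate a credential kept client-side.
const SENSITIVE_KEY = /(token|passw(or)?d|secret|session|api[_-]?key|auth|jwt)/i;
const JWT_VALUE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// storage is a Web Storage object (localStorage / sessionStorage) or any plain
// object; returns the entries that look like leaked credentials.
function findStorageLeaks(storage, name = 'storage') {
  const entries = typeof storage.getItem === 'function'
    ? Array.from({ length: storage.length }, (_, i) => [storage.key(i), storage.getItem(storage.key(i))])
    : Object.entries(storage);
  const findings = [];
  for (const [key, value] of entries) {
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push('sensitive key name');
    if (JWT_VALUE.test(String(value))) reasons.push('value looks like a JWT');
    if (reasons.length) findings.push({ store: name, key, reason: reasons.join('; ') });
  }
  return findings;
}

// Sinks that turn a string into markup or executable code. setTimeout and
// setInterval only count when passed a string, so every hit is a candidate
// for manual review, not a confirmed vulnerability: a text match cannot tell
// whether the value flowing into the sink is attacker-controlled.
const SINK_PATTERN = /\b(innerHTML|outerHTML|insertAdjacentHTML|document\.write(ln)?|eval|setTimeout|setInterval|Function)\b/g;

// Returns one finding per sink occurrence with its 1-based line number.
function findDomSinks(scriptSource) {
  const hits = [];
  scriptSource.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(SINK_PATTERN)) {
      hits.push({ sink: m[1], line: idx + 1, code: line.trim() });
    }
  });
  return hits;
}

// Browser-side driver: inline scripts plus both storage areas of the page.
function scanPage(doc = globalThis.document) {
  const sinks = [];
  for (const s of doc.querySelectorAll('script:not([src])')) {
    sinks.push(...findDomSinks(s.textContent));
  }
  return {
    sinks,
    leaks: [
      ...findStorageLeaks(globalThis.localStorage, 'localStorage'),
      ...findStorageLeaks(globalThis.sessionStorage, 'sessionStorage'),
    ],
  };
}

// Constructed sample data standing in for a real page's storage and script.
const SAMPLE_STORAGE = {
  theme: 'dark',
  auth_token: 'abc123',
  sess: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.x',
};
const SAMPLE_SCRIPT = [
  "const el = document.getElementById('out');",
  'el.innerHTML = location.hash.slice(1);',
  'eval(userInput);',
].join('\n');

console.log(findStorageLeaks(SAMPLE_STORAGE, 'sample'));
console.log(findDomSinks(SAMPLE_SCRIPT));
```

A storage finding means the application keeps a credential where any same-origin script, including one injected through an XSS, can read it; the usual fix is an HttpOnly cookie or a short-lived in-memory token. A sink finding should be traced back to its data source before it is reported.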

Be ethical. Only use this tool on systems you have explicit permission to test.
