From b509e3e5ff27df550561ac6660ef5deef28ad21d Mon Sep 17 00:00:00 2001 From: jose nazario Date: Thu, 21 Dec 2017 23:14:18 -0500 Subject: [PATCH] very minor edits - use pre-formatted text consistently for commands - fix spelling of override --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c41f28e..49f6bfa 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,9 @@ "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS. ## Dependencies: +``` pip install -r requirements.txt +``` ## Usage: to run the tool, simply use: @@ -24,7 +26,7 @@ In order to hook a victim, you should write the following script tag to a page v ## Asynchronous payloads: -To overide normal task output data within your payload (for example in order to retrieve output from XMLHttpRequest), call the "sendOutput" function and pass it your intended output. For example: +To override normal task output data within your payload (for example in order to retrieve output from XMLHttpRequest), call the "sendOutput" function and pass it your intended output. For example: ```javascript var xmlhttp = new XMLHttpRequest();