XSSassin - Web Security Payload Injector

Security testing: inject payloads into input fields. XSS, SQLi, optional Smart-Injection (heuristic category) and more.

XSSassin: The Ultimate Payload Injector for Pentesters & Bug Bounty Hunters XSSassin is an advanced security testing extension designed specifically for ethical hackers, penetration testers, and security-conscious developers. Seamlessly inject common attack payloads directly into web page input fields to test for vulnerabilities like XSS, SQLi, and more—all with a single click! 🚀 CORE FEATURES: 1. Per-site enable — Stays off until you enable it for the current origin, so normal browsing stays clean. Runs in iframes when enabled (all_frames). 2. Hover inject — Focus a text field, textarea, or contenteditable control; a small control appears so you can inject using your configured defaults. 3. In-page payload panel — Pick payloads by category (built-ins + Custom) without leaving the page. 4. Smart-Injection (optional) — Infers a likely payload category from the field (name, id, placeholder, type, autocomplete, etc.) and page URL. Biases random picks; does not run when you lock a fixed default payload or use Custom → Random (custom list only). 5. Auto fill all — Fills every matching input on the page. With Smart-Injection on, each field can get a different inferred category. 6. Copy payload — Copies a payload to the clipboard per your rules; with Smart-Injection, prefers the currently focused field when possible. 7. Default & random behavior — Popup lets you set category scope (all categories, one category, or Custom only), optional specific preset, and “Random (no default)” rules. 🛠 WHO IS THIS FOR? Bug Bounty Hunters looking to speed up manual testing. Penetration Testers conducting web application security assessments. QA Engineers and Developers ensuring their forms are sanitized and secure. ⚠️ IMPORTANT / DISCLAIMER: XSSassin is built strictly for educational purposes and authorized ethical hacking. Only use this tool on applications you own or have explicit permission to test. The developers assume no liability for misuse.