XSS Callback Log

Attacker View

Simulates the xss.report dashboard — data captured from the admin's browser when the payload fires.

Attacker perspective: In a real Blind XSS attack, the attacker sets their payload to call back to xss.report (or their own server). When any admin views the ticket, their browser executes the script and sends cookies, IP, DOM, localStorage and more to the attacker. This panel simulates that callback log.

Received Callbacks

No callbacks yet.
Submit a ticket with a payload, then open it in the Admin Panel.