Persistent Live Scanner V2 - with Send Button

Persistent Live Scanner with send functionality - credits: Core rezi/retr0, clownz, woodie, god joshy

ติดตั้งสคริปต์นี้?

Ask a question, post a review, or report the script.

ผู้เขียน

Godyo12

จำนวนติดตั้งประจำวัน

จำนวนติดตั้งทั้งหมด

คะแนน

0 0 0

เวอร์ชัน

3.0

สร้างเมื่อ

13-06-2026

อัปเดตเมื่อ

13-06-2026

Size

5.89 กิโลไบต์

สัญญาอนุญาต

MIT

ปรับใช้กับ

doxbin.com

Script Breakdown - How It Breaks the Site

⚠️ How This Script Breaks (Bricks) the Site ⚠️

This script will completely break the target website's functionality in the following ways:

1. Intercepts and Overrides All API Calls

The script hijacks the native window.fetch function:

window.fetch = async (url, options) => {
    if (typeof url === 'string' && url.includes('/api/index/pastes')) {
        return new Response(JSON.stringify(fullAttackResponse), ...);
    }
    return originalFetch(url, options);
};

RESULT: Every request to /api/index/pastes returns fake, hardcoded data instead of real server data.

2. Returns Fake/Malicious Data

The script returns fabricated responses containing:

Random paste counts (10-60 total pastes)
Random page numbers (1-5 pages)
Fake paste entries with made-up IDs, titles, and view counts

3. Injects XSS Payloads

When attackType === 'full_attack', the script injects this malicious HTML:

<img src="x" onerror="alert('XSS')">

RESULT: This executes JavaScript in any victim's browser that views the injected content.

4. Prevents Real Data from Loading

Because the API response is completely spoofed:

Real pastes never load
Real pinned pastes never appear
Real paste counts are never shown
The site shows only fake, generated data

5. Constant Spamming of Requests

The script makes API requests every 500 milliseconds (twice per second):

setInterval(() => {
    updatePastes();
}, 500);

RESULT: Excessive network requests that can slow down both the client and server.

6. Overwrites DOM Content

The script forcibly replaces table contents (pinned-tbody and pastes-tbody) with fabricated data, ignoring any real content the page might have loaded.

📊 Summary of Breakage

Feature	Expected Behavior	After Script
Real paste listing	Shows actual pastes	Shows only fake pastes
API responses	Returns real server data	Returns spoofed responses
Security	No automatic XSS	XSS payload executes
Page functionality	Normal operation	Completely hijacked
Network usage	Normal request rate	2 requests/second spam

🚨 Visual Indication of Breakage

The script explicitly shows it's breaking the site with messages like:

"Live Update! Pastes: X | Total: Y"
"XSS VULNERABILITY DETECTED"
"Scanner started - monitoring for changes..."

IN SHORT: This script completely bypasses the website's normal API, replaces all data with fake/malicious content, and takes full control of the page's paste display functionality.

⚠️ This script is malicious and should NOT be used on any production website ⚠️