XSSassin - Web Security Payload Injector

Security testing: inject payloads into input fields. XSS, SQLi, optional Smart-Injection (heuristic category) and more.

As of June 2026, XSSassin - Web Security Payload Injector has 89 users and a 5.00/5 rating from 4 reviews in the Developer Tools category.

Users: 89 (up 229.6%)
Rating: 5.00 from 4 reviews (no change)
Reviews: 4 (no change)
Version: 2.0.1
Manifest: V3
90-day change: In the last 90 days this extension had 3 version updates.

History

10 snapshots

Tracking since Apr 2, 2026.

Date           Users  Rating  Reviews  Version
Apr 2, 2026    27     5.00    4        1.3.0
Apr 17, 2026   29     5.00    4        1.3.0
Apr 22, 2026   39     5.00    4        1.3.0
Apr 27, 2026   47     5.00    4        1.3.0
May 5, 2026    58     5.00    5        1.4.0
May 10, 2026   65     5.00    5        1.5.1
May 16, 2026   62     5.00    5        2.0.1
May 22, 2026   68     5.00    5        2.0.1
May 29, 2026   80     5.00    5        2.0.1
Jun 4, 2026    84     5.00    5        2.0.1
Now            89     5.00    4        2.0.1

Changelog

  • May 10, 2026
    description
    Previous:
    XSSassin: The Ultimate Payload Injector for Pentesters & Bug Bounty Hunters
    
    XSSassin is an advanced security testing extension designed specifically for ethical hackers, penetration testers, and security-conscious developers. Seamlessly inject common attack payloads directly into web page input fields to test for vulnerabilities like XSS, SQLi, and more—all with a single click!
    
    🚀 CORE FEATURES:
    
    One-Click Injection: Hover over any text field, textarea, or contenteditable area to instantly reveal quick-inject buttons.
    
    Massive Payload Library: Built-in payloads for Cross-Site Scripting (XSS), SQL Injection (SQLi), HTML Injection, NoSQL, LDAP, OS Command Injection, XPath, SSTI, CRLF, and XXE.
    
    Custom Payloads: Tailor your pentesting arsenal by adding your own custom payloads in the extension options.
    
    Auto-Fill All: Hunting for bugs? Fill every input on a target page with your default or a random payload simultaneously.
    
    Per-Site Toggling: Easily enable or disable the extension on specific domains to keep your regular browsing clean.
    
    🛠 WHO IS THIS FOR?
    
    Bug Bounty Hunters looking to speed up manual testing.
    
    Penetration Testers conducting web application security assessments.
    
    QA Engineers and Developers ensuring their forms are sanitized and secure.
    
    ⚠️ IMPORTANT / DISCLAIMER:
    XSSassin is built strictly for educational purposes and authorized ethical hacking. Only use this tool on applications you own or have explicit permission to test. The developers assume no liability for misuse.
    
    Updated:
    XSSassin: The Ultimate Payload Injector for Pentesters & Bug Bounty Hunters
    
    XSSassin is an advanced security testing extension designed specifically for ethical hackers, penetration testers, and security-conscious developers. Seamlessly inject common attack payloads directly into web page input fields to test for vulnerabilities like XSS, SQLi, and more—all with a single click!
    
    🚀 CORE FEATURES:
    
    1. Per-site enable — Stays off until you enable it for the current origin, so normal browsing stays clean. Runs in iframes when enabled (all_frames).
    
    2. Hover inject — Focus a text field, textarea, or contenteditable control; a small control appears so you can inject using your configured defaults.
    
    3. In-page payload panel — Pick payloads by category (built-ins + Custom) without leaving the page.
    
    4. Smart-Injection (optional) — Infers a likely payload category from the field (name, id, placeholder, type, autocomplete, etc.) and page URL. Biases random picks; does not run when you lock a fixed default payload or use Custom → Random (custom list only).
    
    5. Auto fill all — Fills every matching input on the page. With Smart-Injection on, each field can get a different inferred category.
    
    6. Copy payload — Copies a payload to the clipboard per your rules; with Smart-Injection, prefers the currently focused field when possible.
    
    7. Default & random behavior — Popup lets you set category scope (all categories, one category, or Custom only), optional specific preset, and “Random (no default)” rules.
    
    
    🛠 WHO IS THIS FOR?
    
    Bug Bounty Hunters looking to speed up manual testing.
    
    Penetration Testers conducting web application security assessments.
    
    QA Engineers and Developers ensuring their forms are sanitized and secure.
    
    ⚠️ IMPORTANT / DISCLAIMER:
    XSSassin is built strictly for educational purposes and authorized ethical hacking. Only use this tool on applications you own or have explicit permission to test. The developers assume no liability for misuse.
  • May 10, 2026
    short_description
    Previous: Security testing: inject payloads into input fields. XSS, SQLi, HTML injection and more.
    Updated: Security testing: inject payloads into input fields. XSS, SQLi, optional Smart-Injection (heuristic category) and more.

Permissions & access

Permissions: storage, activeTab, tabs, scripting
Host access: <all_urls>

About

XSSassin: The Ultimate Payload Injector for Pentesters & Bug Bounty Hunters

XSSassin is an advanced security testing extension designed specifically for ethical hackers, penetration testers, and security-conscious developers. Seamlessly inject common attack payloads directly into web page input fields to test for vulnerabilities like XSS, SQLi, and more—all with a single click!

🚀 CORE FEATURES:

1. Per-site enable — Stays off until you enable it for the current origin, so normal browsing stays clean. Runs in iframes when enabled (all_frames).

2. Hover inject — Focus a text field, textarea, or contenteditable control; a small control appears so you can inject using your configured defaults.

3. In-page payload panel — Pick payloads by category (built-ins + Custom) without leaving the page.

4. Smart-Injection (optional) — Infers a likely payload category from the field (name, id, placeholder, type, autocomplete, etc.) and page URL. Biases random picks; does not run when you lock a fixed default payload or use Custom → Random (custom list only).

5. Auto fill all — Fills every matching input on the page. With Smart-Injection on, each field can get a different inferred category.

6. Copy payload — Copies a payload to the clipboard per your rules; with Smart-Injection, prefers the currently focused field when possible.

7. Default & random behavior — Popup lets you set category scope (all categories, one category, or Custom only), optional specific preset, and “Random (no default)” rules.


🛠 WHO IS THIS FOR?

Bug Bounty Hunters looking to speed up manual testing.

Penetration Testers conducting web application security assessments.

QA Engineers and Developers ensuring their forms are sanitized and secure.

⚠️ IMPORTANT / DISCLAIMER:
XSSassin is built strictly for educational purposes and authorized ethical hacking. Only use this tool on applications you own or have explicit permission to test. The developers assume no liability for misuse.

Technical

Version: 2.0.1
Manifest: V3
Size: 620 KiB
Min Chrome: 88
Languages: 1
Featured: No

Metadata

ID: lhaelmgfjpbojjjhpnbnjlhbkfemglik
Developer ID: uba7e4b1bb711221ca62ef419d99abff4
Developer Email: [email protected]
Created: Feb 26, 2026
Last Updated (Store): May 7, 2026
Last Scraped: Jun 10, 2026

Data sourced from the Chrome Web Store · last verified Jun 10, 2026.