A script that aids in retrieving XML output via Blind XPath Injection. Features:
- Multi-processing
- Extract output starting from any node (from current node to child node only, recursion not yet added)
- Currently supports only POST form submissions
- Custom wordlist to reduce the possible bruteforce combinations
Note: Please modify the script to include cookies. This script was designed to retrieve sensitive XML data from a functionality where no authentication was required (Apparently the script performed faster without sending cookies.).