Table of Contents
What is Surge.sh?
Step 1: Installation
- First you will need to install NodeJS, which you can download here: https://nodejs.org/en/
- Run the following command to install the surge CLI tool
npm install --global surge
That’s it, you’ve installed surge.
Step 2: Deploying Your Payload
Create an empty directory and navigate to it:
echo "alert(1)" > payload.js
Run “surge” to deploy all files in the current directory, which should just be payload.js if you have been following along.
The first time you run surge, it will ask for your email and a password. Once you’ve set that up it won’t ask you again.
The surge command usually takes a few seconds. Once it’s done, your payload will be accessible at the subdomain that you specified. In this case, I just used the automatically chosen one, which happened to be kind-wrench.surge.sh.
I should say that Surge isn’t just for XSS payloads, it is very good at hosting full static sites.
If you enjoyed this, follow me on my socials!