TL;DR – I re-invented the wheel with bXSS. This idea started when I attended Mario Heiderich’s Exploiting Websites training at AppSec Europe, which is an absolutely fantastic training, you should check it out. Mario mentioned that his company cure53 have a simple payload that they use for Blind Cross-Site-Scripting (XSS) https://cure53.de/m which I figured would be very useful to utilize for thing