XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie
XSSYA Features

* Support HTTPS
* After Confirmation (execute payload to get cookies)
* Can be run in (Windows - Linux)
* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)
*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
* Support Saving The Web HTML Code Before Executing
the Payload Viewing the Web HTML Code into the Screen or Terminal