Usage:
http://cm2.pw/research/fuzz.client?url=http://example.com

Parameters:
url   -   Target URL, required
charset   -   A comma separated list of Character Sets, optional (default: http://cm2.pw/fuzz/charsets.txt)

Example:
http://cm2.pw/research/fuzz.client?url=https://api.ipify.org%3fformat=json
http://cm2.pw/research/fuzz.client?url=https://api.ipify.org%3fformat=json&charset=http://cm2.pw/fuzz/charsets.txt

Note: Charset must be returned with Acess-Control-Allow-Origin: * (or http://cm2.pw)

References:
http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html
https://github.com/cure53/XSSChallengeWiki/wiki/JSON-Hijacking-Mini-Challenge