Skip to main content

XSSF (Cross-Site Scripting Framework )

-----------------------------­-------------------
The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.
XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.
XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser based exploit easilly from an XSS vulnerability.

In addition, an interesting though exploiting an XSS inside a victim’s browser could be to browse website on attacker’s browser, using the connected victim’s session. In most of cases, simply stealing the victim cookie will be sufficient to realize this action. But in minority of cases (intranets, network tools portals, etc.), cookie won’t be useful for an external attacker. That’s why XSSF Tunnel was created to help the attacker to help the attacker browsing on affected domain using the victim’s session

Labels:

Comments

Post a Comment

Popular posts from this blog

Physical Teleportation Theoretical method to do It!

Teleportation is the ability of moving matter from one point in time and space to another point in time and space instantaneously. There are different types of teleportation available at this time both visual and physical teleportation are possible and we use visual teleportation as our starting point. Types Visual body teleportation Astral body teleportation The different types of visual teleportation are. visual body or astral body teleportation , or visual object teleportation but before we can master teleportation we must first learn the art of Telekinesis/Psychokinesis and Clairsentience and the higher state of consciousness the seventh sense. Other abilities useful in teleportation are Tele-Visualization and ESP (Extrasensory Perception). The ability of teleportation is used in Time travel, Interstellar travel, and Dimensional travel. Teleportation is the near instantaneous transport of the Psychic from one location to another and there is no other fo...
5 comments
....

How to make explosive at home

Hey guys. So I seen a few tutorials on how to make explosives at home. Most of them were pretty long and confusing, dangerous or just stupid. Well this tutorial will show you a very easy way anyone can make explosives, and it's quite stable. What you need: Acetone (C3H6O) Hydrogen Peroxide You can get these from the pharmacy. Mixing these two ingredients in a high temperature will result in Acetone Peroxide. It's not very stable when it's dry, so as long as it's wet it's more stable. This "TATP" got a bit a publicity a couple years ago, in the U.K. Underground bombings, actually. It's dangerous, just like any explosive, so be VERY careful if you plan to make this. And read about it here http://en.wikipedia.org/wiki/Acetone_peroxide I AM NOT RESPONSIBLE FOR ANYTHING YOU DO WITH THIS INFORMATION. THIS IS FOR EDUCATION PURPOSE ONLY.
Post a Comment
....

Trojan blackdoor

What is trojan backdoor ? Backdoor.Trojan is a detection name used by Symantec to identify malicious software programs that share the primary functionality of enabling a remote attacker to have access to or send commands to a compromised computer. As the name suggests, these threats are used to provide a covert channel through which a remote attacker can access and control a computer. The Trojans vary in sophistication, ranging from those that only allow for limited functions to be performed to those that allow almost any action to be carried out, thus allowing the remote attacker to almost completely take over control of a computer. A computer with a sophisticated back door program installed may also be referred to as a "zombie" or a "bot". A network of such bots may often be referred to as a "botnet". Botnets have been well publicized in the news over the years, with different instances being given specific names such as Kraken, Mariposa, or Kneber, alon...
Post a Comment
....