
XSSF v2.3 - Cross-Site Scripting Framework

Written By mediana saputra on Tuesday, 19 February 2013 | 00:46

The Cross-Site Scripting Framework (XSSF) is a security tool designed to make exploiting XSS vulnerabilities much easier. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities by making their exploitation widely accessible. This project was created solely for education, penetration testing and lawful research purposes.

XSSF creates a communication channel with the targeted browser (through an XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerful, documented API, which facilitates the development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser-based exploits easily from an XSS vulnerability.

In addition, one interesting use of an XSS exploited inside a victim's browser is to browse the website from the attacker's browser using the connected victim's session. In most cases, simply stealing the victim's cookie is sufficient to do this. But in a minority of cases (intranets, network tool portals, etc.), the cookie is of no use to an external attacker. That is why XSSF Tunnel was created: to help the attacker browse the affected domain using the victim's session.

This work is the result of an internship carried out for the Faculty of Science and Technology of Limoges (MASTER II Cryptis) within the CONIX Security company.

Download latest version updated on 07-feb-2013
XSSF-2.3.zip 1.6 MB

Description: New minor version compatible with the latest Metasploit Framework 4.6.0-dev. Installed and tested successfully on Windows 7 / BackTrack 5r3.
