XSSTunnel: HTTP traffic through an XSS Channel!

November 22, 2009 22:47 pm

by Black

in Anonymity, Open Source, Security tools

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. XSS Tunnel runs in conjunction with XSS Shell, which is a powerful XSS backdoor. XSS Shell allows interactive control over a Cross-site Scripting vulnerability in a web application.

XSS Tunnel is a proxy (client-server architecture, actually) which allows you to tunnel any HTTP traffic through a Cross-site Scripting (XSS) Channel opened by the XSS Shell! This is not all! It is a completely open source application!

An XSS Channel is an interactive communication channel between two systems which is opened by an XSS attack. It is a type of AJAX application which can obtain commands, send responses back and is able to talk cross-domain. The communication taking place between the two systems is bi-directional.

Figure: Working of the XSS Shell.

For the XSS Shell to work, all you have to do is inject the XSS Shell by means of an XSS attack. You can then instruct the infected browser to carry out requests for you.

XSS Tunnel is written in .NET and requires the .NET Framework to run.

Some XSS Shell commands are shown below:
- Get Cookie
- Get Current Page
- Execute custom JavaScript
- Get Mouse Log
- Get Keylogger Data
- Get Clipboard
- Get Internal IP Address (Firefox – JVM)
- Check visited links (CSS history hack)
- Crash Browser
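
From the defending side, the channel and the Get Cookie command depend on conditions that show up in a site's response headers: cookies readable by script, and no Content-Security-Policy restriction on script execution or cross-domain requests. The following check is an added example, not part of the original post or of XSS Shell / XSS Tunnel; the function names and sample header values are constructed for illustration.

```javascript
// Added example: header values below are constructed, not from a real site.

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of (value || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Browsers honour only the first occurrence of a directive.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Source list for a fetch directive, falling back to default-src as browsers do.
function effective(policy, directive) {
  return policy[directive] || policy["default-src"] || null;
}

// Returns a list of findings; an empty list means none of the checks fired.
function auditResponseHeaders(headers) {
  const findings = [];
  // A cookie without HttpOnly can be read by injected script via document.cookie.
  for (const cookie of headers["set-cookie"] || []) {
    const attrs = cookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
    if (!attrs.includes("httponly")) {
      findings.push("cookie-readable:" + cookie.split("=")[0].trim());
    }
  }
  const policy = parseCsp(headers["content-security-policy"]);
  const script = effective(policy, "script-src");
  const connect = effective(policy, "connect-src");
  // No policy, a wildcard, or 'unsafe-inline' leaves injected script able to run.
  if (!script || script.includes("*") || script.includes("'unsafe-inline'")) {
    findings.push("script-unrestricted");
  }
  // No policy or a wildcard lets page script send requests to any origin.
  if (!connect || connect.includes("*")) findings.push("connect-unrestricted");
  return findings;
}

const weak = { "set-cookie": ["SESSIONID=abc123; Path=/; Secure"],
  "content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *" };
const hardened = { "set-cookie": ["SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
  "content-security-policy": "default-src 'self'; script-src 'self'" };
console.log(auditResponseHeaders(weak));
console.log(auditResponseHeaders(hardened));
```

The check is deliberately simplified: it does not model nonces, hashes or scheme-wide sources such as `https:`, so an empty result is a starting point for review rather than proof that a policy is tight.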

Download XSS Tunnel here.
