Fugitif
11.11.2007, 22:13
Tunnelling HTTP traffic through XSS Channels
What Is XSS Tunnelling?
XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use
virtually any application that supports HTTP proxies.
What Is XSS Tunnel?
XSS Tunnel is the standard HTTP proxy which sits on an attacker’s system. Any tool
that is configured to use it will tunnel its traffic through the active XSS Channel on
the XSS Shell server. The XSS Tunnel converts the request and responds
transparently to validate the HTTP responses and XSS Shell requests.
XSS Tunnel is written in .NET and requires .NET Framework to work. It is a GPL
Licensed open source application.
XSS Tunnelling Paper:
http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf
XSS Tunnel and XSS Shell
(includes source codes and binaries)
http://www.portcullis-security.com/tools/free/xssshell-xsstunnell.zip
XSS Tunnelling Video Demonstration:
http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip
------------------------------------------------------------------------------------------------------
XSS Shell
XSS Shell - Backdooring The Web
XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by XSS-Proxy. Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page.
You can steal basic authentication, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability, etc. Attack possibilities are limited only by ideas. Basically this tool demonstrates that you can do more with XSS.
XSS Shell has several features to gain whole access over the victim. Also, you can simply add your own commands.
Other features:
* Keylogger
* Mouse Logger (click points + current DOM)
Built-in Commands:
* Get Keylogger Data
* Get Current Page (Current rendered DOM / like screenshot)
* Get Cookie
* Execute supplied JavaScript (eval)
* Get Clipboard (IE only)
* Get internal IP address (Firefox + JVM only)
* Check victim's visited URL history
* DDoS
* Force to Crash victim's browser
Download: XSS Shell:
http://www.portcullis-security.com/tools/free/XSSShell039.zip
XSS Shell Installation (video) :
A 7-minute video shows the installation and configuration of XSS Shell and XSS Tunnel.
http://ferruh.mavituna.com/makale/xss-shell-install-video/
XSS Shell Video Demonstration:
http://ferruh.mavituna.com/xssshell/demo/
That's all, people, but for more info and updates, visit:
http://www.portcullis-security.com/1.php