XSSF is an amazing tool that is designed to make the XSS vulnerability exploitation an easy task.
It provides a powerful documented API, which facilitates the development of modules and attacks. Its integration into the Metasploit Framework allows users to launch MSF browser based exploits very easily.
XSSF allows creating a communication channel with the targeted browser (from an XSS vulnerability).
Installation Instructions
1. Download the latest Metasploit Framework (MSF) release.2. Install Metasploit Framework.
3. Update Ruby if not already done.
4. Download XSSF (download links are at the end of this article).
5. Copy and paste all downloaded files into the Metasploit folder.
XSSF Basics: Install (Kali-1.0) & Use:
Simple XSSF attack (Stealing file on Xperia X10):
Launching MSF exploit through XSSF (CVE-2010-2568):
XSSF Tunnel (Surfing through targeted browser):
You might also like:
- 14 Best IP Hide Tools 2016/2017
- OSForensics - Tool For Extracting Forensic Data From Computers
- Snort - OpenSource Network Intrusion Detection Tool
- Weevely - Weaponized Web Shell
- Pentoo - Gentoo-Based Linux Distribution For Penetration Testers
- evasi0n - Jailbreak Tool For iOS 6, 7 Devices
- SSLyze - Tool For Analysing SSL/TLS Configurations
- Advanced Windows Service Manager - Tool For Analyzing Windows Services
- theHarvester - Tool For Gathering Target Information (E-mail accounts, subdomain names, open ports and etc.)
Related Articles
This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the originial post: here
