Detecting and Exploiting XSS Injections using XSSer Tool
来源:互联网 发布:ubuntu 查看版本 编辑:程序博客网 时间:2024/05/01 13:04
http://securityxploded.com/detecting-exploiting-xss-using-xsser-tool.php
Detecting and Exploiting XSS Injections using XSSer ToolAuthor:Manjunath aka Punter See AlsoIndex of all Anti-Spyware Tools
Index of all Password Secrets Articles
Nexpose + Metasploit = Shell
DllHijackAuditor: Smart tool to Audit DLL Hijack Vulnerability
SXPasswordSuite: A Complete Password Recovery Toolset
Research Article: 'Password Secrets of Popular Windows Applications'
SpyDLLRemover: Detect & Delete Spy DLLs from the system.
StreamArmor: Advanced tool to Scan & Sweep Malicious Streams.
Recover Windows password in seconds using Rainbow crack.
Contents Index of all Password Secrets Articles
Nexpose + Metasploit = Shell
DllHijackAuditor: Smart tool to Audit DLL Hijack Vulnerability
SXPasswordSuite: A Complete Password Recovery Toolset
Research Article: 'Password Secrets of Popular Windows Applications'
SpyDLLRemover: Detect & Delete Spy DLLs from the system.
StreamArmor: Advanced tool to Scan & Sweep Malicious Streams.
Recover Windows password in seconds using Rainbow crack.
- About XSSer Tool
- In action with XSSer
- XSSer Action Screenshots
- Exploitation of XSS Injections
- Conclusion
- References
In this introductory article I will show you how easy to use the XSSer for Detection and Exploitation of XSS in a vulnerable website. In action with XSSer Here we will experiment this tool on following test vulnerable website, http://testasp.vulnweb.com/
Below are simple steps on using XSSer. root@punter:/pentest/web# $ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser
root@punter:/pentest/web# cd xsser
root@punter:/pentest/web/xsser# python XSSer.py -u 'http://testasp.vulnweb.com' -g 'Search.asp?tfSearch='
-proxy 'http://127.0.0.1:8118? -referer '666.666.666.666? -user-agent 'correct audit' -Fuzz -s XSSer Action Screenshots After you execute above sequence of commands you can see the results as shown in the sequence of screenshots below. Screenshot 1: Testing the vulnerable website for XSS Injections using XSSer
Screenshot 2: Testing the vulnerable website for XSS Injections using XSSer [Continued] 
Screenshot 3: Final results of XSS Detection operation. You can see that XSSer has already found couple of XSS flaws in our test website. 
Exploitation of XSS Injections In the above screenshot, the text marked in blue indicates attack vector which can trigger XSS Injectionson this website. Now we can go ahead and manually verfy these injections and it does not take long.
Below is the screenshot showing successful exploitation of detected XSS Injection.
Conclusion This article shows how easy to use XSSer tool to detect those hiddenXSS flaws in any website using very simple steps. You can rest your brain for the time being while XSSer does all the job for you. References - XSSer - Open Source based XSS Injection Detector Tool
0 0
- Detecting and Exploiting XSS Injections using XSSer Tool
- Exploiting hard filtered SQL Injections
- Detecting and Using LTE Networks
- Exploiting hard filtered SQL Injections 3
- XSS平台搭建(xsser.me)
- Detecting Wifi Networks Using Delphi and Native Wifi API
- XSS漏洞自动化攻击工具XSSer
- XSSER
- Multiple Exploiting IE8/IE7 XSS Vulnerability
- Detecting Skin in Images & Video Using Python and OpenCV皮肤检测
- XSSer(超强XSS攻击利器)使用说明中文版
- xss平台搭建(使用xsser.me源码)
- XSS 平台搭建与优化(基于 xsser.me 源码)
- django dynamic models and field injections
- IE办的傻事儿 Exploiting XSS Filter
- Practically Exploiting MS15-014 and MS15-011
- Detecting HTTP Load Balancers using Halberd
- Using Touch Gestures 》Detecting Common Gestures
- apache lucene solr 官网历史版本下载地址
- 一步之遥!《劲舞团》手机版开启删档封测
- SQL分页语句三方案
- 使用python的内置ctypes模块与c、c++写的dll进行交互
- CF 496D(Tennis Game-O(t*(n/t)复杂度+vector排序)
- Detecting and Exploiting XSS Injections using XSSer Tool
- 练习用基础SQL语句
- VB.NET 几种命名方法总结 章鱼哥出品
- 每天进步一点点_抽奖程序
- Javascript刷新页面的几种方法
- 碰撞检测
- java之10进制转换2,8,16进制
- Android的SDK与ADT不匹配问题
- XSSer使用
