Not looking to re-invent the wheel, I'm looking for existing availability
of XSS code to "gather" and "exploit" XSS tests as part of a pen-test.
I'm aware of the following
* AttackAPI
* W3AF
* XSSDB (the link is not working for some reason), is there a cached version?
* rsnake cheatsheet
* xss me (firefox plugin)
Looking for a framework that I can use/build on, I have my own webservers/cgi available
to grab session cookies, etc, but I'd like to see what frameworks already exist.
Not so much interested in how to check for XSS, but rather a way to exploit a given
XSS vulnerability if I have my own webserver and ability to write scripts to
actively take advantage of XSS as part of a pen-test.
of XSS code to "gather" and "exploit" XSS tests as part of a pen-test.
I'm aware of the following
* AttackAPI
* W3AF
* XSSDB (the link is not working for some reason), is there a cached version?
* rsnake cheatsheet
* xss me (firefox plugin)
Looking for a framework that I can use/build on, I have my own webservers/cgi available
to grab session cookies, etc, but I'd like to see what frameworks already exist.
Not so much interested in how to check for XSS, but rather a way to exploit a given
XSS vulnerability if I have my own webserver and ability to write scripts to
actively take advantage of XSS as part of a pen-test.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
[ reply ]