XSS-Proxy allows you to turn an XSS hole into a proxy to surf from the
users perspective, with some limitations. Will need modification to
be useful for anything other than a demo.
http://xss-proxy.sourceforge.net/
N
On Thu, Oct 9, 2008 at 10:47 AM, <lister (at) lihim (dot) org [email concealed]> wrote:
> Not looking to re-invent the wheel, I'm looking for existing availability
> of XSS code to "gather" and "exploit" XSS tests as part of a pen-test.
>
> I'm aware of the following
> * AttackAPI
> * W3AF
> * XSSDB (the link is not working for some reason), is there a cached version?
> * rsnake cheatsheet
> * xss me (firefox plugin)
>
> Looking for a framework that I can use/build on, I have my own webservers/cgi available
> to grab session cookies, etc, but I'd like to see what frameworks already exist.
>
> Not so much interested in how to check for XSS, but rather a way to exploit a given
> XSS vulnerability if I have my own webserver and ability to write scripts to
> actively take advantage of XSS as part of a pen-test.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
users perspective, with some limitations. Will need modification to
be useful for anything other than a demo.
http://xss-proxy.sourceforge.net/
N
On Thu, Oct 9, 2008 at 10:47 AM, <lister (at) lihim (dot) org [email concealed]> wrote:
> Not looking to re-invent the wheel, I'm looking for existing availability
> of XSS code to "gather" and "exploit" XSS tests as part of a pen-test.
>
> I'm aware of the following
> * AttackAPI
> * W3AF
> * XSSDB (the link is not working for some reason), is there a cached version?
> * rsnake cheatsheet
> * xss me (firefox plugin)
>
> Looking for a framework that I can use/build on, I have my own webservers/cgi available
> to grab session cookies, etc, but I'd like to see what frameworks already exist.
>
> Not so much interested in how to check for XSS, but rather a way to exploit a given
> XSS vulnerability if I have my own webserver and ability to write scripts to
> actively take advantage of XSS as part of a pen-test.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
[ reply ]