Monday, July 19, 2010

Shell of the Future – Reverse Web Shell Handler for XSS Exploitation

Shell of the Future is a Reverse Web Shell handler. It can be used to hijack sessions where JavaScript can be injected using Cross-site Scripting or through the browser's address bar. It makes use of HTML5's Cross Origin Requests and can bypass anti-session hijacking measures like HttpOnly cookies and IP address-Session ID binding.

It can be used to:
Demonstrate the severity of XSS and JavaScript injection attacks
Create PoCs for XSS vulnerabilities in penetration test reports
Run automated scans on internal websites from outside by tunneling the traffic through an internal browser

