Monday, August 23, 2010
XSSer v0.7a Black edition released
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
It contains several options to try to bypass certain filters, and various special code injection techniques.
- Added attack payloads to fuzzer (26 new injections).
- Added POST connections. Now you can inject into web forms.
- Added statistics reports with data about efficiency, connections, vectors, etc.
- Added URL shorteners. It is now possible to get valid results in short links. For the moment, tinyurl and is.gd are supported. Your "malicious" code ready to share!!
- Added IP Octal spoofing for fuzzing vectors. Your remote/local IPs encoded in Octal.
- Added post-processing payloading. When you have a valid "hole/payload", you can tell XSSer to prepare the real code that you want to inject. This option is perfect for real attacks.
- Added DOM Shadows. For this version, this implementation is a server-side anti-logging feature. You can inject code using the Document Object Model eval function to evade some possible server IDSs.
- Added Cookie injector: it is now possible to inject code into HTTP Cookie parameters automatically.
- Added Browser DoS (Denial of Service). Yes!! If you have a valid payload to inject, XSSer will prepare code for you to share with victims that "collapses" their browsers. A client browser DoS, ready to play with, friend -scripter-