Nytro

XSSer

Introduction:

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

----------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:

- [PHPIDS]: PHP-IDS
- [Imperva]: Imperva Incapsula WAF
- [WebKnight]: WebKnight WAF
- [F5]: F5 Big IP WAF
- [Barracuda]: Barracuda WAF
- [ModSec]: Mod-Security
- [QuickDF]: QuickDefense
- [Chrome]: Google Chrome
- [IE]: Internet Explorer
- [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
- [NS-IE]: Netscape in IE rendering engine mode
- [NS-G]: Netscape in the Gecko rendering engine mode
- [Opera]: Opera

Current version:

XSSer The Hive

Download:


Captures:

[Screenshots not preserved: URL/Hash Generation Schema, Shell, Manifesto, Configuration, Bypassers, GeoMap]

Documentation:

  • 2012 at RootedCon | [ Slides: "XSSer - The Cross Site Scripting framework": Spanish ] - [ Video: Spanish ]
  • 2011 at THSF'11 | [ Slides: "XSSer - The Mosquito": English ]
  • 2009 at Cyberspace | [ Paper: "XSS for fun and profit": English | Spanish ]

Installation:

XSSer runs on many platforms. It requires Python and the following libraries:

  • python-pycurl - Python bindings to libcurl
  • python-xmlbuilder - create xml/(x)html files - Python 2.x
  • python-beautifulsoup - error-tolerant HTML parser for Python
  • python-geoip - Python bindings for the GeoIP IP-to-country resolver library

 

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python-pycurl python-xmlbuilder python-beautifulsoup python-geoip


Source Code:

XSSer can be cloned from different code repositories. This option is a good idea if you want to automatically [ --update ] the tool from time to time.

+Official:

https://code.03c8.net/epsylon/xsser

ex: git clone https://code.03c8.net/epsylon/xsser

+Mirror:

https://github.com/epsylon/xsser

ex: git clone https://github.com/epsylon/xsser


Packages:

XSSer v1.7.2b: "ZiKA-47 Swarm!" :

 

---------------------

XSSer v1.6: "Grey Swarm!":

 

---------------------

XSSer v1.5: "Swarm Edition!":

 

---------------------

XSSer v1.0: "The mosquito":

 


License:

XSSer is released under the terms of the General Public License v3 and is copyrighted by psy.


Support:

This framework is actively looking for new sponsors and funding. If you or your organization has an interest in keeping XSSer, please contact directly.

 

 

For donations: [ BTC:19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw ]

 

Source: https://xsser.03c8.net/
