XSS-Proxy is a tool for leveraging Cross-Site-Scripting (XSS) flaws to hijack victim browsers. It allows a bi-directional interactive control channel between the attacker, the victim browser and an XSS-vulnerable site.




Related Projects

Proxystrike - Active web application proxy

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so we came up with this proxy. Right now it has SQL injection and XSS plugins available. Both plugins are designed to catch as many vulnerabilities

Websecuritynotebook - Web Security Notebook

The Internet is one of the most pervasive technologies created in the last century. The hacker community knows about the web's reach and will take advantage of web application vulnerabilities. This cookbook web security project provides example tips, tools and utilities to aid against cross-site scripting attacks, injection attacks and other types of attacks. Note: we do not support illegal activity.

Iframe-xdr - Javascript module for cross-subdomain requests via iframes

iframe-xdr provides an easy JavaScript interface for issuing asynchronous requests between web pages living on different subdomains within the same base domain. This solution, an implementation of the so-called iframe hack, only requires the user to apply a <script> tag to a page in the adjacent subdomain. It is a convenient alternative to proxies, crossdomain.xml, and cross-origin resource sharing. Installation: From alpha.domain.com, simply insert the following script tag on an existing or new


Skavenger analyzes HTTP traffic logged by various Web proxies (including WebScarab and Burp) for indications of common web vulnerabilities such as XSS, CRLF injection and various kinds of information disclosure.

Blackboard-cas - CAS-based single sign-on backend for Blackboard

CAS 2.0 Authentication for Blackboard. blackboard-cas is a CAS authentication module for Blackboard. It utilizes the CAS 3.1 client library in order to connect to CAS 2.x/3.x servers (using the CAS 2.0 protocol). blackboard-cas is based on CasAuthenticationModule, developed by the University of Bristol. Configuration: Before building, you should edit the settings in build.properties. Settings include: blackboard.home: The path to your Blackboard instance. blackboard.java.home: The path to the JDK us

Proxy-revealer - Attempts to determine someone's "real" IP address, using a myriad of

This is a port of Proxy Revealer 2.0.1 MOD (phpBB2) to phpBB3. Attempts to determine someone's "real" IP address, using a myriad of techniques, and "blocks" such people. Original techniques included XSS, Java, and X_FORWARDED_FOR checks. In this port, Flash has been added as yet another unmasking technique. There may be additional techniques added later. Features: HTTP(S)/SOCKS Proxy Detection by Flash and Java applet techniques, and optional blocking. Optional blocking of transparent HTTP Pro

Jinger - Web Development QA API

jinger: Web Development QA API. Description: An extensible proxy server for internally directed XSS / CSRF attacks for the purpose of testing web applications. 200904181845 - Updated the code and now have a rudimentary system working. By pointing a browser to the proxy server provided in this package, one has the ability to control the browser remotely via java and javascript. More details to come as I work out some of the kinks and start generalizing the code. 200904011250 - Radical rethinking occ

Wfuzz - Web application bruteforcer

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (User/Password), fuzzing, etc. It's very flexible; here are some functionalities: multiple injection points capability with multiple dictionaries; recursion (when doing directory bruteforce); Post, headers and authentication data

Webslayer - Web application bruteforcer

WebSlayer is a tool designed for brute forcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, files, etc.), brute forcing GET and POST parameters, brute forcing form parameters (User/Password), fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer. You can perform attacks like: predictable resource locator, recursion supported (Discovery); login forms brute force; session brute force; parameter brute force; Parameter f

Ratproxy - passive web application security assessment tool

ratproxy: A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XS

