linux poison RSS
linux poison Email

Testing Cross Site Scripting Vulnerability - XSSer

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.

A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

XSSer Features
 * Added “final remote injections” option
 * Cross Flash Attack!
 * Cross Frame Scripting
 * Data Control Protocol Injections
 * Base64 (rfc2397) PoC
 * OnMouseMove PoC
 * Browser launcher
 * New options menu
 * Pre-check system
 * Crawler spidering clones
 * More advanced statistics system
 * “Mana” ouput results

XSSer Installation:
Download the .deb file for Xsser from here,
Extract it using command - tar -zxvf xsser_1.5-1_all.deb.tar.gz this will generate the xsser_1.5-1_all.deb

Double-click on this .deb file to install it on to your Ubuntu system

After successful installation, you can open the Xsser UI from Application > System Tools > Xsser




0 comments:

Post a Comment

Related Posts with Thumbnails