XSS Shell

XSS Shell script is a powerful XSS backdoor. XSS Shell allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application.

It demonstrates the real power and damage of Cross-site Scripting attacks.

What's New in This Release:

Regenerating Pages

· This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keep user in virtual environment. Thus even user click any links in the infected page he or she will be still under control! (within cross-domain restrictions) In normal XSS attacks when user leaves the page you can't do anything.
· Secondly this feature keeps the session open so even victim follow an outside link from infected page session is not going to timeout and you will be still in charge.

Keylogger

· Mouse Logger (click points + current DOM)

Built-in Commands:

- Get Keylogger Data
- Get Current Page (Current rendered DOM / like screenshot)
- Get Cookie
- Execute supplied javaScript (eval)
- Get Clipboard (IE only)
- Get internal IP address (Firefox + JVM only)
- Check victim's visited URL history
- DDoS
- Force to Crash victim's browser

Limitations:

· Keylogger is not working on IE
· Possibly not going to work for framed pages because of frame regeneration.
· Not working on Konqueror

What's New in This Release:

· Connection drop timeout check. If your XSS Shell server is down or connection dropped because of victim it'll try to repair itself.
· DoS and Crash commands added