martes, 8 de marzo de 2011

XSSER

XSSER es un framework que permite detectar y explotar vulnerabilidades del tipo XSS.
Esta herramienta de PenTest, permite automatizar el proceso de detección y explotación de inyecciones XSS contra diferentes aplicaciones.


http://xsser.sourceforge.net/xsser/Xsser_sm.png


Funcionalidades:


  • Added attack payloads to fuzzer (26 new injections).
  • Added POST connections. Now you can inject on webforms.
  • Added Statistics reports with data about efficiency, connections, vectors, etc..
  • Added URL Shorteners. Now is possible to have valid results in short links. for the moment support tinyurl and is.gd. your "malicious" code ready to share!!
  • Added IP Octal spoofing for fuzzing vectors. Your remote/local IPs encoded in Octal.
  • Added Post-processing payloading. When you see have a valid "hole/payload", you can say to XSSer to prepare the real code that you want to inject. this options is perfect for real attacks.
  • Added DOM Shadows. For this version, this implementation is a server side anti-logging feature. You can inject code using Document Objet Model eval function, to evade some possible server IDS's.
  • Added Cookie injector: Now is possible to inject code on HTTP Cookie parameters automatically.
  • Added Browser DoS (Denegation of Service).



Download Oficial:
http://xsser.sourceforge.net/

.
Publicado por Mauro en 7:00
Etiquetas: , ,

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)