XSS Shell

0.3.9 GPL (GNU General Public License)    
4.0/5 1
XSS Shell script is a powerful XSS backdoor.




XSS Shell script is a powerful XSS backdoor. XSS Shell allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application.

It demonstrates the real power and damage of Cross-site Scripting attacks.

What's New in This Release:

Regenerating Pages

· This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keep user in virtual environment. Thus even user click any links in the infected page he or she will be still under control! (within cross-domain restrictions) In normal XSS attacks when user leaves the page you can't do anything.
· Secondly this feature keeps the session open so even victim follow an outside link from infected page session is not going to timeout and you will be still in charge.


· Mouse Logger (click points + current DOM)

Built-in Commands:

- Get Keylogger Data
- Get Current Page (Current rendered DOM / like screenshot)
- Get Cookie
- Execute supplied javaScript (eval)
- Get Clipboard (IE only)
- Get internal IP address (Firefox + JVM only)
- Check victim's visited URL history
- DDoS
- Force to Crash victim's browser


· Keylogger is not working on IE
· Possibly not going to work for framed pages because of frame regeneration.
· Not working on Konqueror

What's New in This Release:

· Connection drop timeout check. If your XSS Shell server is down or connection dropped because of victim it'll try to repair itself.
· DoS and Crash commands added
Last updated on April 5th, 2007

0 User reviews so far.