Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

By Ajin Abraham on 01 Dec 2012 @ Clubhack
xss redteam web
Focus Areas: Penetration Testing, Web Application Security
This talk covers the following tool, which the speaker authored or contributed to:
XENOTIX XSS EXPLOIT FRAMEWORK

AI Generated Summary (may contain errors)

The speaker demonstrates a tool for scanning websites for vulnerabilities, specifically Cross-Site Scripting (XSS). They show how to use the tool to test a website’s parameters and identify potential vulnerabilities. The demo includes:

  1. Scanning a website for XSS vulnerabilities using a URL and protocol.
  2. Specifying a variable to test, to identify potential injection points.
  3. Using automated mode to test payloads against the website.
  4. Implementing an access scale to switch between different IP addresses.
  5. Starting a server and specifying a reverse IP address.
  6. Generating injectable scripts using a keylogger.
  7. Demonstrating a drive-by download implementation.

The speaker also discusses future plans for the tool, including:

  1. Supporting multiple browser engines (e.g., WebKit, Firefox).
  2. Implementing POST parameter support.
  3. Creating an access detection framework.
  4. Testing headers for access detection.
  5. Implementing access proxy and DDoS attacks.

The tool is free and open-source, making it accessible to security analysts for vulnerability hunting and proof-of-concept creation.