Hackers of India

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

By Ajin Abraham on 01 Dec 2012 @ Clubhack

This talk covers the following tool, which the speaker authored or contributed to:
Xenotix XSS Exploit Framework


AI Generated Summary (may contain errors)


The speaker demonstrates a tool for scanning websites for vulnerabilities, specifically Cross-Site Scripting (XSS). They show how to use the tool to test a website’s parameters and identify potential vulnerabilities. The demo includes:

  1. Scanning a website for XSS vulnerabilities using a URL and protocol.
  2. Specifying a variable to test, to identify potential injection points.
  3. Using automated mode to test payloads against the website.
  4. Implementing an access scale to switch between different IP addresses.
  5. Starting a server and specifying a reverse IP address.
  6. Generating injectable scripts using a keylogger.
  7. Demonstrating a drive-by download implementation.

The speaker also discusses future plans for the tool, including:

  1. Supporting multiple browser engines (e.g., WebKit, Firefox).
  2. Implementing post parameter support.
  3. Creating an access detection framework.
  4. Testing headers for access detection.
  5. Implementing access proxy and DDoS attacks.

The tool is free and open-source, making it accessible to security analysts for vulnerability hunting and proof-of-concept creation.