Hackers of India

Detecting and Exploiting XSS Vulnerabilities and Xenotix XSS Exploitation Framework

By Ajin Abraham on 01 Mar 2013 @ Nullcon

This talk covers the following tools, which the speaker has authored or contributed to:
XENOTIX XSS EXPLOIT FRAMEWORK

Presentation Material

Presentation

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013 from Ajin Abraham


Abstract

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. The tool can inject code into webpages that are vulnerable to XSS. It is basically a payload-list-based XSS scanner and XSS exploitation kit. It gives a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time-sharing-based test modes. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools help the penetration tester create proof-of-concept attacks on vulnerable web applications during the creation of a penetration test report.