XSSF - Cross-Site Scripting Framework


XSSF is an amazing tool that is designed to make the XSS vulnerability exploitation an easy task. 

It provides a powerful documented API, which facilitates the development of modules and attacks. Its integration into the Metasploit Framework allows users to launch MSF browser based exploits very easily.

XSSF allows creating a communication channel with the targeted browser (from an XSS vulnerability).

Installation Instructions

1. Download the latest Metasploit Framework (MSF) release.

2. Install Metasploit Framework.

3. Update Ruby if not already done.

4. Download XSSF (download links are at the end of this article).

5. Copy and paste all downloaded files into the Metasploit folder.


XSSF Basics: Install (Kali-1.0) & Use:


Simple XSSF attack (Stealing file on Xperia X10):


Launching MSF exploit through XSSF (CVE-2010-2568):


XSSF Tunnel (Surfing through targeted browser):










No comments

Powered by Blogger.