Home
Latest images
Search
Register
Log inAdding XSSF to Metasploit Framework
Page 1 of 1
Adding XSSF to Metasploit Framework
andry Fri Nov 19, 2010 1:27 am
The XSS Framework (XSSF) is able to manage victims of a generic XSS attack and hold an already existing connection in order to allow future attacks.
After injection of the generic attack (resource "loop" generated by XSSF), each victim will ask the attack server (every "x" seconds) if new commands are available:
Simple Script/HTML execution (XSSF auxiliary modules) on targeted victim or group of victims
MSF Exploit execution on targeted victim
XSS Tunnel with targeted victim
The advantage of having the project built within the Metasploit Framework is the ability to run exploits (on browsers for example) already included in MSF. In addition, new exploits can be executed on old victims already linked to the attack server.
Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF gives the possibility to simply add and run attacks (adding modules), and execute already existing MSF exploit without installing third-party solutions (server, database ... [which are already provided by Ruby/MSF]). In addition, the ability to create XSS tunnels with targeted victims is a real advantage knowing that only XSSShell/XSSTunnel manages it but is not portable (ASP.NET).
More info: http://www.metasploit.com
After injection of the generic attack (resource "loop" generated by XSSF), each victim will ask the attack server (every "x" seconds) if new commands are available:
Simple Script/HTML execution (XSSF auxiliary modules) on targeted victim or group of victims
MSF Exploit execution on targeted victim
XSS Tunnel with targeted victim
The advantage of having the project built within the Metasploit Framework is the ability to run exploits (on browsers for example) already included in MSF. In addition, new exploits can be executed on old victims already linked to the attack server.
Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF gives the possibility to simply add and run attacks (adding modules), and execute already existing MSF exploit without installing third-party solutions (server, database ... [which are already provided by Ruby/MSF]). In addition, the ability to create XSS tunnels with targeted victims is a real advantage knowing that only XSSShell/XSSTunnel manages it but is not portable (ASP.NET).
More info: http://www.metasploit.com
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics» Secure Web Application Framework Manifesto v0.08
» Beef - v0.4.2-alpha Browser Exploitation Framework
» Metasploit OWC ActiveX Exploit
» Advisory To Exploit Using Metasploit
» Armitage - Cyber Attack Management for Metasploit
» Beef - v0.4.2-alpha Browser Exploitation Framework
» Metasploit OWC ActiveX Exploit
» Advisory To Exploit Using Metasploit
» Armitage - Cyber Attack Management for Metasploit
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|