The XSS Framework (XSSF) is able to manage victims of a generic XSS attack and hold an already existing connection in order to allow future attacks.
After injection of the generic attack (resource "loop" generated by XSSF), each victim will ask the attack server (every "x" seconds) if new commands are available:
Simple Script/HTML execution (XSSF auxiliary modules) on targeted victim or group of victims
MSF Exploit execution on targeted victim
XSS Tunnel with targeted victim
The advantage of having the project built within the Metasploit Framework is the ability to run exploits (on browsers for example) already included in MSF. In addition, new exploits can be executed on old victims already linked to the attack server.
Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF gives the possibility to simply add and run attacks (adding modules), and execute already existing MSF exploit without installing third-party solutions (server, database ... [which are already provided by Ruby/MSF]). In addition, the ability to create XSS tunnels with targeted victims is a real advantage knowing that only XSSShell/XSSTunnel manages it but is not portable (ASP.NET).
More info: http://www.metasploit.com
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Adding XSSF to Metasploit Framework”
Leave a reply