Video Screencast Help
Search Video Help Close Back
to help

Getting Sassy With XSS Part 4 – Advanced Tools

Created: 27 Aug 2012
vince_kornacki's picture
vince_kornacki Symantec Employee
0 0 Votes
Login to vote

In the first three installments of this series we examined several advanced cross-site scripting (XSS) exploitation options:

  • Keystroke logging
  • Phishing through content replacement
  • Port scanning

However, writing extensive JavaScript code for every new XSS attack vector would become quiet tiresome, wouldn't it?  So what's the solution? There's no need to fear, Underdog is here! Contrary to public knowledge, Underdog is actually a skilled hacker and always tucks three trusty XSS exploitation tools under his cape: 

  • AttackAPI
The AttackAPI "provides simple and intuitive programmable interface for composing attack vectors with JavaScript and other client and server related technologies" (http://www.gnucitizen.org/blog/attackapi/).
 
In other words, the AttackAPI simplifies the amount of code required to gather information about the compromised client, launch phishing attacks and port scans, and control an army of zombie browsers. The AttackAPI is just that, a programmer's toolkit to simplify attacks against compromised clients. However, while the AttackAPI is quite useful, it has not been updated in several years.
 
http://code.google.com/p/attackapi/
  • XSS-Proxy
According to the author, this tool "allows an attacker to establish a persistent, bi-directional control/transfer channel to an XSS victim" and "have almost total control of the victim's browser against the XSS site with the ability to redirect to other XSS vulnerable sites or forward specific blind requests to other servers" (http://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt). I don't know what all that means, but it sounds pretty wicked. Seriously though, XSS-Proxy was one of the first well known tools that allowed attackers to control an army of zombie browsers. However, while XSS-Proxy is quite useful, it has not been updated in several years and is not as polished as another meatier tool (you will soon understand this clever pun).
 
http://xss-proxy.sourceforge.net/

 

  • BeEF
In my humble opinion, BeEF (the Browser Exploitation Framework) is the most polished of Underdog's trusty XSS tools. Plus BeEF has a sharp logo. Check it out at http://www.beefproject.com/. Who wouldn't be scared of that vicious looking bull? And did you catch the BeEF download link? Got BeEF? How cool is that? But alas, I digress.
 
BeEF "will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context" (http://www.beefproject.com/). The BeEF tool boasts a slick interface and modular approach. BeEF modules can execute arbitrary JavaScript commands, send arbitrary web requests, install malicious software, and even steal clipboard contents. Port scanning modules include the ability to balance external portscans across a zombie army. And inter-protocol modules allow attackers to launch attacks against other services on the local host. Used in this manner, BeEF is like a local Metasploit instance exploited through an XSS vulnerability. BeEF even sports a YouTube page packed with presentations and demonstrations at http://www.youtube.com/user/TheBeefproject.
 
http://www.beefproject.com/

 
In conclusion, all of these tools can be used to launch advanced XSS attacks like those discussed during the first three installments of this series. Indeed, XSS is far more dangerous than one of those silly alert boxes, wouldn't you say? BAM!
 
P.S. No superhero canines were harmed during the composition of this blog post.

Blog Entry Filed Under:
,