In the first three installments of this series we examined several advanced cross-site scripting (XSS) exploitation options:
- Keystroke logging
- Phishing through content replacement
- Port scanning
In other words, the AttackAPI simplifies the amount of code required to gather information about the compromised client, launch phishing attacks and port scans, and control an army of zombie browsers. The AttackAPI is just that, a programmer's toolkit to simplify attacks against compromised clients. However, while the AttackAPI is quite useful, it has not been updated in several years.
In conclusion, all of these tools can be used to launch advanced XSS attacks like those discussed during the first three installments of this series. Indeed, XSS is far more dangerous than one of those silly alert boxes, wouldn't you say? BAM!
P.S. No superhero canines were harmed during the composition of this blog post.