- xsstunnelling-video.zipMD5: D41D8CD98F00B204E9800998ECF8427E
- XSS-Tunnelling.pdfMD5: 6FC8C1B79FD57A8E351B1B1C8ECDBDB5
- xssshell-xsstunnell.zipMD5: EFED769B21A8ABC6A86EC6B89FE3E805
What Is XSS Tunnelling?
XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.
What Is XSS Tunnel?
XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server. The XSS Tunnel converts the request and responds transparently to validate the HTTP responses and XSS Shell requests.
Refer to XSS Tunnelling paper to read details.
Download XSS Tunnelling demonstration video. Video shows how to use XSS Tunnel to bypass NTLM by exploiting an example permanent XSS.
Download package includes following files :
- Binary Release of XSS Tunnel v1.0.8
- .NET Solution + Source Code for XSS Tunnel v1.0.8
- XSS Tunnelling White Paper
- XSS Shell v0.6.2 Release (ASP files, database and documentation)
- BSQL brute forcer V2Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL Queries.
- BSQL HackerBSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
- DoS Attacks Using SQL WildcardsThis paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.
- Flash Security
- HeaderCheckHeaderCheck is a python script used to check the security settings of various headers returned by web servers.
- hoppyHTTP options prober and information disclosure scanner
- How to Detect and Exploit 99% of XSS Vulnerabilities
- Insecure Trends in Web 2.0 Applications
- Web Application Password Reset Good Practice GuideOver the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications