download
- xsstunnelling-video.zip
  MD5: D41D8CD98F00B204E9800998ECF8427E
  SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
- XSS-Tunnelling.pdf
  MD5: 6FC8C1B79FD57A8E351B1B1C8ECDBDB5
  SHA1: 4F14165D933A8603EC00319BAEBD2374D90F9020
- xssshell-xsstunnell.zip
  MD5: EFED769B21A8ABC6A86EC6B89FE3E805
  SHA1: 96E9FED8AA83DF6652AC64D6A04FAC1E49C9372D
XSS Tunnel
What Is XSS Tunnelling?
XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel, so that virtually any application that supports HTTP proxies can be used over it.
What Is XSS Tunnel?
XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server. XSS Tunnel transparently converts the requests and responses into valid XSS Shell requests and HTTP responses.
Refer to the XSS Tunnelling paper for details.
Demonstration Video
Download the XSS Tunnelling demonstration video. The video shows how to use XSS Tunnel to bypass NTLM by exploiting an example permanent XSS.
Download
The download package includes the following files:
- Binary Release of XSS Tunnel v1.0.8
- .NET Solution + Source Code for XSS Tunnel v1.0.8
- XSS Tunnelling White Paper
- XSS Shell v0.6.2 Release (ASP files, database and documentation)
Last Updated : 02/04/2008 15:12:53
Related Applications
- BSQL brute forcer V2: Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL Queries.
- BSQL Hacker: BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
- DoS Attacks Using SQL Wildcards: This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.
- Flash Security
- HeaderCheck: HeaderCheck is a python script used to check the security settings of various headers returned by web servers.
- hoppy: HTTP options prober and information disclosure scanner
- How to Detect and Exploit 99% of XSS Vulnerabilities
- Insecure Trends in Web 2.0 Applications
- Web Application Password Reset Good Practice Guide: Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications.

