Research and Development

XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server.

What Is XSS Tunnelling?

XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.

What Is XSS Tunnel?

XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server. The XSS Tunnel converts the request and responds transparently to validate the HTTP responses and XSS Shell requests.

Refer to XSS Tunnelling paper to read details.

Demonstration Video

Video shows how to use XSS Tunnel to bypass NTLM by exploiting an example permanent XSS.

Download

Download package includes following files:

  • Binary Release of XSS Tunnel v1.0.8
  • .NET Solution + Source Code for XSS Tunnel v1.0.8
  • XSS Tunnelling White Paper
  • XSS Shell v0.6.2 Release (ASP files, database and documentation)
Xsstunnelling-video
xsstunnelling-video.zip
February 5, 2014
6.7 MiB
MD5 hash: 68906b3ec511b2308e2342812330131d
Details
XSS-Tunnelling
XSS-Tunnelling.pdf
April 26, 2013
257.4 KiB
MD5 hash: 6fc8c1b79fd57a8e351b1b1c8ecdbdb5
Details

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)