Research and Development

What Is XSS Tunnelling?

XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.

What Is XSS Tunnel?

XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server. The XSS Tunnel converts the request and responds transparently to validate the HTTP responses and XSS Shell requests.

Refer to XSS Tunnelling paper to read details.

Demonstration Video

Video shows how to use XSS Tunnel to bypass NTLM by exploiting an example permanent XSS.


Download package includes following files :

  • Binary Release of XSS Tunnel v1.0.8
  • .NET Solution + Source Code for XSS Tunnel v1.0.8
  • XSS Tunnelling White Paper
  • XSS Shell v0.6.2 Release (ASP files, database and documentation)

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)