Metasploit with XSSF, from the pop-up window to the right to lift

Http://www.myhack58.com/Article/html/3/8/2012/36261.htm

XSSF Brief Introduction

The Cross-site Scripting Framework (XSSF) is a security tool that makes it very easy to take advantage of cross-site scripting (XSS) vulnerabilities. The main purpose of the XSSF project is to demonstrate the actual harm of XSS.

Now, let's talk about my process.

First download the XSSF in BT5

Then go to its folder to see, there is a readme, open to see what needs to be done next. Copy all files to MSF3.

And then look at the plugin library under MSF3 There's no xssf.rb

Everything OK after we load XSSF in MSF

After a successful load, let's help and see what XSSF's command is.

I believe that reading the notes will understand what is going on, and then go on to the following.

Let's take a look at the code that needs to be inserted in XSSF. Here I'm inserting a link in the XSSF test page (open this test.html to see)

The test is then done in DVWA.

After inserting the test code, we return to Metasploit to see how much exp the XSS can take advantage of. (The first thing to understand is that the XSS Insert code page to keep active state, so consider the success rate) Here I use alert to do the demo.

After the Show options, enter the relevant parameters and run.

Then return to XP to see a pop-up window (after all, I still use to play the window, alas)

In fact, here can also use some browser-oriented hole for more in-depth testing, get meterpreter after the right, intranet infiltration and so on, but I failed, this is the tragedy of this article. If you have a study of the next experiment, you can talk about it.