What is XSS Shell FOR LINUX?
XSS Shell FOR LINUX
XSS Shell script is a powerful XSS backdoor that allows interactively gaining control over a Cross-site Scripting (XSS) vulnerability in a web application. It showcases the real power and damage of Cross-site Scripting attacks.
Features:
- XSS Shell re-renders the infected page and keeps the user in a virtual environment, maintaining control even if the user clicks on links within the infected page (within cross-domain restrictions).
- Session remains open, preventing timeouts even if the victim follows an external link from the infected page, ensuring continual control.
- Mouse Logger captures click points and the current DOM.
- Functionality includes getting Keylogger Data, Current Page (Current rendered DOM / like screenshot), Cookie, executing supplied JavaScript (eval), getting Clipboard (IE only), acquiring internal IP address (Firefox + JVM only), checking victim's visited URL history, initiating DDoS, and forcing a crash on the victim's browser.
Limitations:
- Keylogger does not work on IE.
- May not function for framed pages due to frame regeneration.
- Not compatible with Konqueror.
What's New in This Release:
- Connection drop timeout check implemented to repair the server if the XSS Shell server is down or the connection is dropped due to the victim.
- DoS and Crash commands added for enhanced capabilities.
