View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000159Kali LinuxNew Tool Requestspublic2013-03-22 09:272013-06-07 14:03
Reportersaberzaid Assigned Todookie  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionnot fixable 
Summary0000159: XSSF - Cross-Site Scripting Framework v.3.0
Description

The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser based exploit easilly from an XSS vulnerabili

download:

https://code.google.com/p/xssf/downloads/list

video on the tool and how to use it on kali

http://www.youtube.com/watch?v=AhUhOirEfTE

Activities

saberzaid

saberzaid

2013-03-22 10:29

reporter   ~0000177

xssf is stand alone tool , same as xsser , but it have more options, and feature then xssf , for example and its an addition feature , it can be integration into the Metasploit Framework allows users to launch MSF browser based exploit easilly from an XSS vulnerability , and the webgui, and the easy of use , please add this tool under web vulnerability scanner category

thank you devs for your hard work
dookie

dookie

2013-03-22 17:38

reporter   ~0000186

This looks like a good tool but we can't add it right away because it needs to be copied directly into the msf directory, which aptitude will not allow.
I will contact the developer to see if we can find a solution.
saberzaid

saberzaid

2013-03-22 18:28

reporter   ~0000187

no , no need to copied it into the msf , its just an addition feature, the tool can run as stand alone tool
dookie

dookie

2013-03-22 18:33

reporter   ~0000188

Installation instructions

Download the latest Metasploit Framework (MSF) release: http://www.metasploit.com/download/
Install the MSF with the choosen database (PostgreSQL, MySQL or SQLite3): https://community.rapid7.com/docs/DOC-1296
Update Ruby to 1.9 if not already done
Download XSSF from the SVN (svn export http://xssf.googlecode.com/svn/trunk/ XSSF) or from the last packaged version
Copy and paste all downloaded files into the Metasploit /msf3/ folder
Enjoy!
dookie

dookie

2013-03-22 18:34

reporter   ~0000189

I have emailed the author of XSSF and hope to hear back soon. I want to include XSSF in Kali so it will happen :)
dookie

dookie

2013-06-07 14:03

reporter   ~0000532

This can't be added to Kali until Metasploit allows importing libs from the ~/.msf4/ sub-directory. The author will need to try to get that solved from his end because the current method of installing it is impossible to do.

Thanks

Issue History

Date Modified Username Field Change
2013-03-22 09:27 saberzaid New Issue
2013-03-22 10:29 saberzaid Note Added: 0000177
2013-03-22 17:38 dookie Note Added: 0000186
2013-03-22 17:38 dookie Assigned To => dookie
2013-03-22 17:38 dookie Status new => assigned
2013-03-22 18:28 saberzaid Note Added: 0000187
2013-03-22 18:33 dookie Note Added: 0000188
2013-03-22 18:34 dookie Note Added: 0000189
2013-06-07 14:03 dookie Note Added: 0000532
2013-06-07 14:03 dookie Status assigned => closed
2013-06-07 14:03 dookie Resolution open => not fixable