xsser-users Mailing List for xsser
XSSer: Cross Site Scripter
Status: Beta
Brought to you by:
lordepsylon
Menu
▾
▴
xsser-users — XSSer mailing list
You can subscribe to this list here.
| 2010 |
Jan
|
Feb
|
Mar
(3) |
Apr
(1) |
May
(1) |
Jun
(1) |
Jul
(4) |
Aug
(2) |
Sep
(3) |
Oct
(6) |
Nov
(7) |
Dec
(2) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2011 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
(4) |
Nov
(1) |
Dec
|
| 2012 |
Jan
(3) |
Feb
(1) |
Mar
(5) |
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
(1) |
Oct
|
Nov
(1) |
Dec
(2) |
| 2013 |
Jan
|
Feb
|
Mar
(1) |
Apr
(14) |
May
(5) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2016 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: psy <ep...@ri...> - 2016-02-25 08:53:46
|
===========================================================================
XSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2016 - (GPLv3.0) -> by psy
-----------
Cross Site "Scripter" is an automatic -framework- to detect, exploit and
report XSS vulnerabilities in web-based applications.
===========================================================================
\ \ %
Project site: \ \ LulZzzz! %
http://xsser.03c8.net %% \_\ %
\/ ( @.@) Bbzzzzz! %
\== < == %
Forum: / \_ == %
irc.freenode.net -> #xsser (') \ *=====%
/ / ========
===========================================================================
Total vectors: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11
===========================================================================
Website: http://xsser.03c8.net
---------------------------
git clone https://github.com/epsylon/xsser-public
-------------------
- Download (.tar.gz): http://xsser.03c8.net/xsser/xsser_1.7-1.tar.gz ->
md5: a632d9461fc3f73ea3ba2a717b79f45a
- Download (.zip): http://xsser.03c8.net/xsser/xsser_1.7-1.zip -> md5:
1d29f647ec70dc68f927127fbfb1b519
- Torrent (.tar.gz):
http://xsser.03c8.net/xsser/xsser_1.7-1.tar.gz.torrent -> md5:
25f14e12455d832be37a2dca5355f70c
=======================0
Happy "Cross" Hacking ;-)
|
|
From: sujeet K. <suj...@gm...> - 2014-01-14 14:58:09
|
i want to join your team and thanks to add there ...... Sujeet Kumar |
|
From: psy <ro...@lo...> - 2013-05-27 21:56:37
|
http://www.google-melange.com/gsoc/projects/list/google/gsoc2013 |
|
From: psy <ro...@lo...> - 2013-05-18 14:23:55
|
> We need better results with our 6 proposals, because there are not slots > for all. ^^ Sorry to insist, but please, review and update your proposals a bit more. Remember that Google closes the process at 29th of May. Another interesting idea, can be to share directly on this mailing list: - your personal bitbucket fork of xsser - your advances on proposals Think that we need to gain some of the 11 slots that OWASP has assigned (and there are less, because ZAP project for example, will has 3 or 4). I think that we need a better strategy before proposals deadline finish. So, we will work like a team with all the proposals of each of you. I propose you to share your proposal here and review my opinion with the others. After that, each of you will can update the proposal with a common idea of the team, showing to others the interest and advances. This will be our secret ;-) Please, try it. |
|
From: psy <ro...@lo...> - 2013-05-09 17:00:36
|
Hi, XSSer is giving you some info: > [I] Target(s) response with different HTTP code to: 200 ... cannot > inject! :( > > Not injected!. Servers response with http-code different to: 200 OK (400) That means, that you are recieving a 400 HTTP Code. Try to apply a better build of the attack because the results looks normal. Not a bug. Cheers. > dismiss workers > Mothership landed > > Kindly reply with the solution. > > Regards > Abhay > > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and > their applications. This 200-page book is written by three acclaimed > leaders in the field. The early access version is available now. > Download your free book today! http://p.sf.net/sfu/neotech_d2d_may > > > > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: ABHAY S. <abh...@gm...> - 2013-05-09 07:29:36
|
I am getting following error for most of the webistes I try to use in XSSer. root@bt:/pentest/web/xsser# python xsser -u "http://testasp.vulnweb.com" =========================================================================== XSSer v1.5 (beta): "The Mosquito: Swarm Edition!" // (2010) - (Copyright - GPLv3.0) -> by psy =========================================================================== Testing [XSS from URL] injections... looks like your target is good defined ;) =========================================================================== =========================================================================== Target: http://testasp.vulnweb.com --> 2013-05-07 22:48:42.213607 =========================================================================== =========================================================================== [I] Target(s) response with different HTTP code to: 200 ... cannot inject! :( =========================================================================== ^[[B--------------------------------------------- [-] Hashing: eaa02e6b72f4d9b8dba9694bc6cfd4a2 [+] Trying: http://testasp.vulnweb.com/">eaa02e6b72f4d9b8dba9694bc6cfd4a2 [+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] Not injected!. Servers response with http-code different to: 200 OK (400) dismiss workers Mothership landed Kindly reply with the solution. Regards Abhay |
|
From: psy <ro...@lo...> - 2013-05-08 14:51:55
|
Hi, This year OWASP Project has 11 slots. Google will publish proposals that pass to next level on 27th May. http://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2013/help_page Please review your proposals again. I leave some comments on them and some other mentors do it also, but in a private way. We need better results with our 6 proposals, because there are not slots for all. ^^ I will try to be on IRC to support you. Kisses. On 29/04/13 13:39, psy wrote: > Hi, > > I updated OWASP XSSer wiki with some GSoC info: > > https://www.owasp.org/index.php/OWASP_XSSER#GSoC_2013_Proposal > > People is starting to read your proposals and to put some comments on > them. So, please, review it again: language, tasks explanations, > schemas, etc.. > > On 29/04/13 13:15, psy wrote: >> On 29/04/13 13:02, Faruk Uzun wrote: >>> Hello, >> >> Hi Faruk, >> >>> I thought I'd leave a message here to introduce myself and let you know >>> that I'm very interested in working with the XSSer for this year's GSoC. >> >> Yeah, you welcome! ;-) >> >>> I'm a second year computer science student at Canakkale Onsekiz Mart >>> University in Turkey. My programming language of choice is Python. I am >>> also quite familiar with web application security. >>> >>> I want to get familiar with source so could anyone suggest any >>> particular bug to solve or any patch to implement for. >> >> By the moment, we have 3 proposals on stage: >> >> - >> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/mxprm/17001 >> >> - >> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/badc0re/1 >> >> - >> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/whenov/1 >> >> (Remember guys to review it) >> >> And you have the roadmap first proposal that I written, here: >> >> http://xsser.sourceforge.net/xsser/xsser-roadmap.pdf >> >>> Also I'm writing my proposal. I have read the roadmap and now, i am just >>> searching all the stages. Would you recommend me anything else please? >> >> You have until day 3th of May to upload it to Google Melange. >> >> Dependes of your skills and interests. XSSer has a core, but it has some >> different "modules" to work. For example, a crawlering engine, exporting >> methods, etc. >> >> We need to finish all the roadmap proposals plus ideas that you want to >> implement, so, first can be to decide which part do you prefer, or you >> see that you can do it relativelly easy. >> >> There are important things such as, to create a pentesting to the whole >> website (GET+POST+Crawlering) that works property. >> >> There are researching things such as, to implement new vectors (we need >> to have the best list of XSS vectors) or techniques... AntiIDS, >> Anti-AntiXSS methods, websockets experimental tasks, etc.. >> >>> -farukuzun (http://www.github.com/farukuzun) >>> >>> ------------------------------------------------------------------------------ >>> Try New Relic Now & We'll Send You this Cool Shirt >>> New Relic is the only SaaS-based application performance monitoring service >>> that delivers powerful full stack analytics. Optimize and monitor your >>> browser, app, & servers with just a few lines of code. Try New Relic >>> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr >>> _______________________________________________ >>> Xsser-users mailing list >>> Xss...@li... >>> https://lists.sourceforge.net/lists/listinfo/xsser-users >> > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: psy <ro...@lo...> - 2013-04-29 11:42:59
|
Hi, I updated OWASP XSSer wiki with some GSoC info: https://www.owasp.org/index.php/OWASP_XSSER#GSoC_2013_Proposal People is starting to read your proposals and to put some comments on them. So, please, review it again: language, tasks explanations, schemas, etc.. On 29/04/13 13:15, psy wrote: > On 29/04/13 13:02, Faruk Uzun wrote: >> Hello, > > Hi Faruk, > >> I thought I'd leave a message here to introduce myself and let you know >> that I'm very interested in working with the XSSer for this year's GSoC. > > Yeah, you welcome! ;-) > >> I'm a second year computer science student at Canakkale Onsekiz Mart >> University in Turkey. My programming language of choice is Python. I am >> also quite familiar with web application security. >> >> I want to get familiar with source so could anyone suggest any >> particular bug to solve or any patch to implement for. > > By the moment, we have 3 proposals on stage: > > - > http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/mxprm/17001 > > - > http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/badc0re/1 > > - > http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/whenov/1 > > (Remember guys to review it) > > And you have the roadmap first proposal that I written, here: > > http://xsser.sourceforge.net/xsser/xsser-roadmap.pdf > >> Also I'm writing my proposal. I have read the roadmap and now, i am just >> searching all the stages. Would you recommend me anything else please? > > You have until day 3th of May to upload it to Google Melange. > > Dependes of your skills and interests. XSSer has a core, but it has some > different "modules" to work. For example, a crawlering engine, exporting > methods, etc. > > We need to finish all the roadmap proposals plus ideas that you want to > implement, so, first can be to decide which part do you prefer, or you > see that you can do it relativelly easy. > > There are important things such as, to create a pentesting to the whole > website (GET+POST+Crawlering) that works property. > > There are researching things such as, to implement new vectors (we need > to have the best list of XSS vectors) or techniques... AntiIDS, > Anti-AntiXSS methods, websockets experimental tasks, etc.. > >> -farukuzun (http://www.github.com/farukuzun) >> >> ------------------------------------------------------------------------------ >> Try New Relic Now & We'll Send You this Cool Shirt >> New Relic is the only SaaS-based application performance monitoring service >> that delivers powerful full stack analytics. Optimize and monitor your >> browser, app, & servers with just a few lines of code. Try New Relic >> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr >> _______________________________________________ >> Xsser-users mailing list >> Xss...@li... >> https://lists.sourceforge.net/lists/listinfo/xsser-users > |
|
From: psy <ro...@lo...> - 2013-04-29 11:19:52
|
On 29/04/13 13:02, Faruk Uzun wrote: > Hello, Hi Faruk, > I thought I'd leave a message here to introduce myself and let you know > that I'm very interested in working with the XSSer for this year's GSoC. Yeah, you welcome! ;-) > I'm a second year computer science student at Canakkale Onsekiz Mart > University in Turkey. My programming language of choice is Python. I am > also quite familiar with web application security. > > I want to get familiar with source so could anyone suggest any > particular bug to solve or any patch to implement for. By the moment, we have 3 proposals on stage: - http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/mxprm/17001 - http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/badc0re/1 - http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/whenov/1 (Remember guys to review it) And you have the roadmap first proposal that I written, here: http://xsser.sourceforge.net/xsser/xsser-roadmap.pdf > Also I'm writing my proposal. I have read the roadmap and now, i am just > searching all the stages. Would you recommend me anything else please? You have until day 3th of May to upload it to Google Melange. Dependes of your skills and interests. XSSer has a core, but it has some different "modules" to work. For example, a crawlering engine, exporting methods, etc. We need to finish all the roadmap proposals plus ideas that you want to implement, so, first can be to decide which part do you prefer, or you see that you can do it relativelly easy. There are important things such as, to create a pentesting to the whole website (GET+POST+Crawlering) that works property. There are researching things such as, to implement new vectors (we need to have the best list of XSS vectors) or techniques... AntiIDS, Anti-AntiXSS methods, websockets experimental tasks, etc.. > -farukuzun (http://www.github.com/farukuzun) > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: Faruk U. <far...@ma...> - 2013-04-29 11:03:12
|
Hello, I thought I'd leave a message here to introduce myself and let you know that I'm very interested in working with the XSSer for this year's GSoC. I'm a second year computer science student at Canakkale Onsekiz Mart University in Turkey. My programming language of choice is Python. I am also quite familiar with web application security. I want to get familiar with source so could anyone suggest any particular bug to solve or any patch to implement for. Also I'm writing my proposal. I have read the roadmap and now, i am just searching all the stages. Would you recommend me anything else please? -farukuzun (http://www.github.com/farukuzun) |
|
From: psy <ro...@lo...> - 2013-04-22 22:08:29
|
Hi, To all of you that are interested in GSoC2013, proposal submissions process to Google Melange is currently open: http://www.google-melange.com/gsoc/homepage/google/gsoc2013 Register. Search for XSSer, add yourself like student, and submit your ideas. I have an account like mentor that you can link it to be ready for next steps. Remember before to upload your text, to check correct format and language. Also try to explain as better as possible each part that you want to work on it. It will be nice to use some images or schemas. After all of you submit your ideas (you have 2 days more), I will check it each to see that all is correctly presented, and I will send results to GSoC OWASP Community organizer. Please try to be in touch with mailing list and update to the rest of the team with your advances. Cross Site Hacking time, is near. Cheers. |
|
From: psy <ro...@lo...> - 2013-04-21 18:43:05
|
Hi, Please guys remember that tomorrow (22th) begins the period of submissions to Google Melange. I have recieved one pdf from Dame, that looks that is ready to be presented. He added some ideas, such as: + improve XSSer: - Porting the XSS test cases from vectors.py, DOM.py... to XML or YAML format; benefits: o Better organization of Python files – only one content extractor for XML/YAML. o Better organization of updates – if there is a new XSS test case there won’t be any change to the Python files. - Additional modules like GeoIP or Beautiful Soup not to be additionally installed; benefits: o Without installation of needed modules (Beautiful Soup, GeoIP...) the portability and the usage might be increased because the tool will be enabled to work in environments where installing additional modules is restricted. - Detecting target technology (programming language, OS, type of web server) - Option for users to add their own XSS test cases – in a new file or already existing one, users can add their own customized XSS test cases. Congrats!! > What about hours?. Can you meet at tomorrow monday at 21:00h GMT+1? I will try to be tomorrow all day at IRC. > We will talk on this topics: > > - GSoC questions, ideas , proposals, etc > - XSSer review > - Roadmap sharing task and developments deadlines > - Next meeting Regards. |
|
From: Dame J. <dam...@gm...> - 2013-04-21 13:21:51
|
Hello I am Dame Jovanoski, post-graduate student from Macedonia. I am interested in pen-testing, exploit development my nickname is badc0re. Currently working in http://resources.infosecinstitute.com/author/dame-jovanoski/ as contributor. last year i was in CERN and i was developing scanning tool for detecting unpached web application. Exploits that i have discovered during my learning http://www.exploitsdownload.com/author/badc0re . I have lot of ideas that i want to share with you about XSSer. Best DJ |
|
From: psy <ro...@lo...> - 2013-04-17 10:42:14
|
Hi, Some of you guys are having some questions about how is an example of proposal. Here you have one from last year, very complete: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/guifre/3006 I am on IRC for any questions. Cheers |
|
From: psy <ro...@lo...> - 2013-04-14 17:48:11
|
On 14/04/13 06:11, Bharadwaj Machiraju wrote: > Hi everyone, Hi Bharadawaj, Thanks and welcome to the XSSer team. I want to tell you guys, that it will be necessary to do a meeting all togheter via IRC. What about hours?. Can you meet at tomorrow monday at 21:00h GMT+1? We will talk on this topics: - GSoC questions, ideas , proposals, etc - XSSer review - Roadmap sharing task and developments deadlines - Next meeting > I am Bharadwaj Machiraju from India currently an undergrad at IIT (BHU), > Varanasi. I 'm 19 years old and I am a part time pentester and bug > hunter. I wish to contribute to XSSer through GSOC 13. I can code in > python. Die hard linux lunatic. > > I like to spend my time with web application security. Apart from that I > use python to automate some things, like I recenlty wrote a tool called > thedumpster which helps in open source recon against a target :) . > Hoping to work with you all. > > > Bharadwaj Machiraju, > http://www.tunnelshade.in/ > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: Bharadwaj M. <bha...@gm...> - 2013-04-14 04:11:29
|
Hi everyone, I am Bharadwaj Machiraju from India currently an undergrad at IIT (BHU), Varanasi. I 'm 19 years old and I am a part time pentester and bug hunter. I wish to contribute to XSSer through GSOC 13. I can code in python. Die hard linux lunatic. I like to spend my time with web application security. Apart from that I use python to automate some things, like I recenlty wrote a tool called thedumpster which helps in open source recon against a target :) . Hoping to work with you all. Bharadwaj Machiraju, http://www.tunnelshade.in/ |
|
From: psy <ro...@lo...> - 2013-04-11 01:27:29
|
Hi again, To start, I think that can be interesting to share some data about our communication channels. For example, this mailing list (remember, archive is public) can be good to generate some threads talking about tasks, ideas, questions, etc. To have "live" communications, we can use IRC: irc.freenode.net #xsser I think that can be a good political of work, to have some periodical reunions. For my side, I will try to be on IRC every day as I can. My personal jabber is: ep...@ja... And I am living on GMT+1. With a very nocturnal life ;-) Other accounts: - https://identi.ca/psy - https://twitter.com/lord_epsylon Maybe we can create a mumble room to listen us directly. This part, as you want. For me IRC is ok. At the end, of course, whatever question just tell me. Regards. |
|
From: psy <ro...@lo...> - 2013-04-11 01:08:39
|
Hi, > I have a few questions: how many team members will there be who work on > this project? What is the expected process of making a proposal? What > should we add other than the roadmap? By the moment we are 4 persons. I want to wait until tomorrow to begin with proposals, tasks, etc. Just for see if someone wants to work with us from the start. Really is not a problem, but is ok to have a regular line of developmnet. About "process of making a proposal", I sent you some docs. Actually, is the next step that we need to do. In that case, we will a have a virtual reunion (so for that we need to sincronize our personal agenda) to do a read of the roadmap togheter and try to add more ideas, transform others, etc. About last question. Not. thats the good think. I did the initial work about the team proposal, so, we only need to add ideas, or just start to see in which we are more nice and present it: https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_XSSer_Project > Thanks in advance! Thanks. > Daniel Bali > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: psy <ro...@lo...> - 2013-04-10 16:13:40
|
Hello, Firstly thanks so much for your interest. If some of you on the mailing list wants to partcipate, please this is the momento to concrete it. As you know, and now is confirmed, XSSer will be with OWASP on next GSOC2013. ;-) I put you a short message sent by Fabio Cerullo (an OWASP GSOC Administrator), that looks that is next step to start to work: "Could you please share the attached leaflet at universities and third level institutions? We are in the lookout of potential students to work on OWASP projects during the Google Summer of Code." For that, I need a bit more of information about you guys, to start to do all the documents necesaries to present you to the proposal. For me, is a pleasure to work with all of you, so, if you have any problem with the official proposal, for me will be not a problem really. I will share with you all the incomes or whatever, directly in proportion to the work. We will talk a bit more in deep about XSSer strategy of work, on next mailing list thread. I am trying to sintetize a bit ideas and methods to work togheter (IRC, jabber, voIP, etc..) By the moment, please check the GSoC2013 sites, and the XSSer OWASP proposition: - http://www.coreboot.org/GSoC - https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2013/help_page?ModPagespeed=noscript - https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_XSSer_Project To complete it, I attached to this email a PDF from OWASP that explains some steps to do before to start to code. I hope that you will enjoy a lot with this experience. I was involved with Elgg.org project two years ago and was fantastic. So finally, thanks again, and be ready for: happy cross hacking! psy |
|
From: Meng D. <wh...@gm...> - 2013-04-09 18:36:08
|
Hello developers! My name is Meng Dong, 20 years old. I'm very interested in contributing to the XSSer Project in GSoC 2013. I'm a Chinese junior student, and I'm doing field work in a web security company now. So recently I've been learning various web security knowledge, such as XSS, CSRF, SQL injection and so on. I've read the source code of sqlmap, and submitted some codes to add the waf detection feature <https://github.com/sqlmapproject/sqlmap/pull/400>(whenov is me) to it, which had been merged into the master branch. I've also read wapiti's source code, which is less famous. XSSer is a wonderful tool, and I'm willing to make it perfect:-) Thanks. Meng Dong |
|
From: Dániel B. <bal...@gm...> - 2013-04-09 17:47:13
|
Hello! My name is Daniel Bali and I'm interested in applying to the "XSSer" Google Summer of Code project of OWASP. I'm 22 years old and I've just received my Bachelor's degree in January. I'm interested in web application security, reverse engineering, GPU programming, and many other things. As I saw there is a pretty clear image of what needs to happen in the scope of a GSoC project. I checked the roadmap and it has all the phases and steps that need to be completed. I have a few questions: how many team members will there be who work on this project? What is the expected process of making a proposal? What should we add other than the roadmap? Thanks in advance! Daniel Bali |
|
From: psy <ro...@lo...> - 2013-03-20 01:10:37
|
XSSer has been added to OWASP GSoC2013 ideas: https://www.owasp.org/index.php/GSoC2013_Ideas#OWASP_XSSer_Project On 06/12/12 03:49, mxprm wrote: > Hi > > Just to highlight two points > > What is the beneficial to students? > Well, besides a great experience and new knowledge, Google gives some > money to the ending of developing the idea proposed, this year was of > 5000 dollars, maybe be the same amount for next year. > > Collaborating with XSSer: > So participate or not of GSoC, I invite you to collaborate with this > great project, so we can grow and learn more as community > > Greetings > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > > > > _______________________________________________ > Xsser-users mailing list > Xss...@li... > https://lists.sourceforge.net/lists/listinfo/xsser-users |
|
From: mxprm <mxp...@gm...> - 2012-12-06 02:49:35
|
Hi Just to highlight two points What is the beneficial to students? Well, besides a great experience and new knowledge, Google gives some money to the ending of developing the idea proposed, this year was of 5000 dollars, maybe be the same amount for next year. Collaborating with XSSer: So participate or not of GSoC, I invite you to collaborate with this great project, so we can grow and learn more as community Greetings |
|
From: psy <ro...@lo...> - 2012-12-05 17:29:49
|
hi folks, maybe is a good time to propose the idea of participate with XSSer on next GSOC / 2013. or starts to. this is the website of last "code works": http://www.google-melange.com/gsoc/homepage/google/gsoc2012 main idea is to create a -dev team- interested in code, until next version release. while, I can do the 'mentoring' task for some students to collaborate with their college careers. for that, good think is that we have the roadmap practically written: http://xsser.sourceforge.net/xsser/xsser-roadmap.pdf there are some bugs open, and we have a bunch of new ideas to implement. Such as, CSSer, Tunneling with BeeF, ZapXSSer, and more. remember that this year we are on the OWASP project, so, all contributions will go for that Community too: https://www.owasp.org/index.php/OWASP_XSSER I think that is a good oportunity to present your skills and to gain some experience. so, my question is: Do you wanna play XSSer next months? :-D happy cross hacking. psy. |
|
From: Daniel C. C. <dan...@ke...> - 2012-11-16 15:57:40
|
Hola a todos, Probablemente hayais visto ya este post [1], pero por si acaso lo llevo a la lista,en el se analizan las pruebas realizadas con scanners comerciales y open source, y como sale XSSer, me parecio interesante mostrarlo, un saludo a todos! [1] http://sectooladdict.blogspot.co.il/2012/07/2012-web-application-scanner-benchmark.html |
