
IEFD Ep. 21 - XSS Tunnel - Part 3 of 3


Uploaded by on Sep 2, 2008

XSS Shell is a cross-site scripting backdoor into the victim's browser which enables an attacker to issue commands and receive responses. During a normal XSS attack an attacker only has one chance to control a victim's browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim's browser. XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim's browser, that can obtain commands and send back responses. To enable the XSS Shell, an attacker needs to inject the XSS Shell's JavaScript reference by utilizing an XSS flaw on a website. Once the victim's browser is infected with the XSS Shell and the XSS Channel is created, the attacker can issue instructions to the infected browser. The attacker can also use an XSS Tunnel to transfer HTTP traffic through the XSS Channel and the victim's browser, in turn exploiting the victim's credentials to bypass authentication and IP restrictions. The XSS Tunnel is an HTTP proxy that sits on the attacker's computer, and any tool that is configured to use it will tunnel its traffic through the XSS Channel.

Part 3 of 3

www.InfinityExists.com

Category:

Howto & Style

License:

Standard YouTube License


Top Comments

  • Awesome! There is a lack of good hackers :)

  • heyy guyz- your XSS vidz are brilliant- really useful. ty n tc.


All Comments (9)

  • How come you guys don't use my screen recorder and play the video on your pc - then post it on youtube- that's how I get my HQ vids up 720p and 1080p ( I think it's 1080p) or Cam Studio or Sony Vegas? I'm sure you know all about them - just wondering tho?

  • I did everything correctly, but when I click on a command nothing happens :/ if anyone has the solution ...

  • Thanks for another good tutorial.

    This is very powerful shit. Once I tried to configure shell xss, but didn't find any help how to do it...

    I luv ya ;) Good job guys. Keep it up.

  • this reminds me a lot about botnets. am scripting one right now for my server. takes a long time.

  • nice vid!

    what kind of laptop do you use?

  • cool dudes, thanks for sharing!
