Saturday, July 14, 2007




XSS Scanner

What is Cross Site Scripting?

" Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued. "


Recently I have started thinking about making my machine send packets to my ISP which has its server ,timed for allowing me to browse only after 10PM. Idea was kinda DNS Hack. As a result of which i stumbled across a forum which i must say is too cool

Its http://sla.ckers.org
Actually i got slightly deviated from my aim when i saw another important matter by the name Cross Site Scripting a.k.a XSS. SInce there was Python preinstalled in my Feisty , I didnt think twice to download a XSS Scanner , which is a Python code that is mainly aimed at identifying Cross Scripting flaws of a site .
Eg:

nandu@nandu-desktop:~/Desktop/XSS$ python XSSscan.py -s www.kerala.gov.in 80

d3hydr8[at]gmail[dot]com XSS Scanner v1.3
-----------------------------------------------

[+] XSS_scan Loaded
[-] Verbose Mode Off
[+] Alert: D3HYDR8%2D0wNz%2DY0U
[+] XSS Payloads: 6
[+] Site: www.kerala.gov.in
[+] Port: 80
[+] Started: Sat Jul 14 02:00:57 2007

[-] Cancel: Press Ctrl-C

---------------------------------------------
[+] Searching: www.kerala.gov.in
-----------------------------------------------------------------


[+] Potential XSS found: 0

[-] No data written to disk

[-] Done - Sat Jul 14 02:01:07 2007


The above output is generated when you run the script. I had one with the site of my ISP as target .Since the results turned out to be BiG i added this. Enjoy XSS and its hi-time that i start some Python lesson or find an alternative to it.

Posted by nandu-legendinthemaking at 7/14/2007 01:51:00 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)