Welcome to XSSer
v1.8[1] -> "The Hive!"
GPLv3
2010/2019 - by psy

====================================

 "The code doesn't obey the system"

===================

The Mosquito or Mosquito alarm (marketed as the Beethoven in France and the Swiss-Mosquito in Switzerland) is an electronic device, used for solving loitering problems, which emits a sound with a high frequency.

The newest version of the device, launched late in 2008, has two frequency settings, one of approximately 17.4 kHz that can generally be heard only by young people, and another at 8 kHz that can be heard by most people.

The maximum potential output sound pressure level is stated by the manufacturer to be 108 decibels (dB). The sound can typically only be heard by people below 25 years of age, as the ability to hear high frequencies deteriorates in humans with age (a phenomenon known as presbycusis).

The device is marketed as a safety and security tool for preventing youths from congregating in specific areas. As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use, drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near transport hubs. The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA.

====================================

 Intro:

===================

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.
----------

XSSer has pre-installed [ > 1300 XSS ] attack vectors and can bypass-exploit code on several browsers/WAFs:

 - [PHPIDS]: PHP-IDS
 - [Imperva]: Imperva Incapsula WAF
 - [WebKnight]: WebKnight WAF
 - [F5]: F5 Big IP WAF
 - [Barracuda]: Barracuda WAF
 - [ModSec]: Mod-Security
 - [QuickDF]: QuickDefense
 - [Chrome]: Google Chrome
 - [IE]: Internet Explorer
 - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
 - [NS-IE]: Netscape in IE rendering engine mode
 - [NS-G]: Netscape in the Gecko rendering engine mode
 - [Opera]: Opera

====================================

 Documentation:

===================

Slides XSSer -"The mosquito"- 2011, presented at THSF'11 (English):

 - https://xsser.03c8.net/xsser/XSSer_the_mosquito_2011.pdf

Slides XSSer -"The Cross Site Scripting framework"- 2012, presented at RootedCon (Spanish):

 - https://xsser.03c8.net/xsser/rooted2012_XSSer.pdf

XSS for fun and profit - conference SCG/09 - PDF (184 pages):

 + English Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(english).pdf
 + Spanish Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(spanish).pdf

XSSer URL Generation Schema:

 - https://xsser.03c8.net/xsser/url_generation.png

====================================

 Downloads:

===================

XSSer can be downloaded from:

 - https://xsser.03c8.net/#download

You can also clone the latest development version from the XSSer repository:

 $ git clone https://code.03c8.net/epsylon/xsser

 $ git clone https://github.com/epsylon/xsser

For more details, check the main website:

 - https://xsser.03c8.net

====================================

 License:

===================

XSSer is released under the terms of the General Public License v3.

====================================

 Author:

===================

psy (epsylon) - - 03c8.net

====================================

 Community:

===================

You can join the #xsser community for free on:

 irc.freenode.net