================================================================ Changelog: XSSer v1.7.2 (xsser.03c8.net) ============================== ================= April 12, 2018: ================= - Removed deprecated features (search engines, SSLv3...) - Fixed auto-update option ================= February 24, 2016: ================= - Removed deprecated features - Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11) - Added XST (Cross Site Tracing) - Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection - Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex) - Added Dorking from file (30 potential 'XSS dorks' provided) - Added Mass-Dorking (search with all search engines provided) - Added Discarding response method to evade false positives - Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense) - Added 'Wizard Helper' to shell mode - Updated XSSer tool updater - Updated 'Mana' system - Fixed Crawlering system - Added feature: 'Automatically audit an entire target" - Modified/Updated GTK+ - Added Requirements - Updated Documentation ================= November 28, 2011: ================= - Added Drop Cookie option - Added Random IP X-Forwarded-For an X-Client-IP option - Added GSS and NTLM authentication methods - Added Ignore proxy option - Added TCP-NODELAY option - Added Follow redirects option - Added Follow redirects limiter parameter - Added Auto-HEAD precheck system - Added No-HEAD option - Added Isalive option - Added Check at url option (Blind XSS) - Added Reverse Check parameter - Added PHPIDS (v.0.6.5) exploit - Added More vectors to auto-payloading - Added HTML5 studied vectors - Fixed Different bugs on core - Fixed Curl handlerer options - Fixed Dorkerers system - Fixed Bugs on results propagation - Fixed POST requests - Added New features to GTK controller - Added Detailed views to GTK interface ================= February 21, 2011: ================= - Added heuristic test - Updated dorkers list - HTTP Response Splitting Induced code - GTK+ interface - Geomapping - Multithreading workers - Test controllers - Added websockets technology (orbited) - Added update option - DoS (server) side injection - DCP/DOM/Induced final code - Code clean - Bugfixing - New options menu - More advanced statistics system ================= November 7, 2010: ================= - Added "final remote injections" option - Cross Flash Attack! - Cross Frame Scripting - Data Control Protocol Injections - Base64 (rfc2397) PoC - OnMouseMove PoC - Browser launcher - Code clean - Bugfixing - New options menu - Pre-check system - Crawler spidering clones - More advanced statistics system - "Mana" ouput results ================= September 22, 2010: ================= - Added a-xml exporter - ImageXSS - New dorker engines (total 10) - Core clean - Bugfixing - Social Networking auto-publisher - - Started -federated- XSS (full disclosure) pentesting botnet. http://identi.ca/xsserbot01 http://twitter.com/xsserbot01 ================= August 20, 2010: ================= - Added attack payloads to fuzzer (26 new injections) - POST - Statistics - URL Shorteners - IP Octal - Post-processing payloading - DOM Shadows! - Cookie injector - Browser DoS (Denegation of Service). ================= July 1, 2010: ================= - Dorking - Crawling - IP DWORD + Core clean. ================= April 19, 2010: ================= - HTTPS implemented + patched bugs. ================= March 22, 2010: ================= - Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer. ================= March 18, 2010: ================= - Added attack payloads to fuzzer (62 different XSS injections). ================= March 16, 2010: ================= - Added new payload encoders to bypass filters.