xsser/doc/CHANGELOG

================================================================
Changelog: XSSer v1.8.3 (https://xsser.03c8.net)
==============================

=================
March 3, 2020:
=================

- Modified/Updated: anti false positives checkers
- Added: internal 'headless' browser: gecko/firefox engine
- Modified/Updated: --reverse-check (GET/POST) (local/remote)
- Removed: --reverse-open
- Modified/Updated: DOM attack (added vectors: 13)
- Modified/Updated: GTK+
- Added: Requirements
- Updated: Documentation
- Updated: Website

=================
November 16, 2019:
=================

- Ported to: Python3.x
- Bugfixing
- Added: Anti-antiXSS Firewall rules (Bypassers provided: SucuriWAF)
- Modified/Updated: GTK+
- Added: Requirements
- Updated: Documentation
- Updated: Website

=================
September 20, 2019:
=================

- Re-factorized: Main(), Hashers, Payloaders, Reporters, Exporters...
- Removed: deprecated features
- Removed: --no-head (from default)
- Added: new options: --check-tor, --auto-set, --auto-info and --auto-random
- Added: new search engines: duck, startpage
- Added: new dorks (Total: 40)
- Added: Anti-antiXSS Firewall rules (Bypassers provided for: Firefox, IE, Opera, Chrome)
- Modified/Updated: DCP (Data Control Protocol) method
- Modified/Updated: HTTPrs (HTTP Response Splitting) injections
- Modified/Updated: GTK+
- Modified/Updated: Crawler/Spidering
- Updated: "Extra Attacks" (XSA, XSR, COOKIE)
- Updated: Automatic XSS vectors list (Total: 1326 = XSS: 1293 + DCP: 16 + DOM: 6 + HTTPsr: 11)
- Updated: XSSer tool updater
- Updated: Documentation

=================
April 12, 2018:
=================

- Removed: deprecated features (search engines, SSLv3...)
- Fixed: auto-update option

=================
February 24, 2016:
=================

- Removed: deprecated features
- Updated: Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
- Added: XST (Cross Site Tracing)
- Advanced: XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
- Updated/Fixed: Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
- Added: Dorking from file (30 potential 'XSS dorks' provided)
- Added: Mass-Dorking (search with all search engines provided)
- Added: Discarding response method to evade false positives
- Added: Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
- Added: 'Wizard Helper' to shell mode
- Updated: XSSer tool updater
- Updated: 'Mana' system
- Fixed: Crawlering system
- Added: feature: 'Automatically audit an entire target" 
- Modified/Updated: GTK+
- Added: Requirements
- Updated: Documentation

=================
November 28, 2011:
=================

- Added: Drop Cookie option
- Added: Random IP X-Forwarded-For an X-Client-IP option
- Added: GSS and NTLM authentication methods
- Added: Ignore proxy option
- Added: TCP-NODELAY option
- Added: Follow redirects option
- Added: Follow redirects limiter parameter
- Added: Auto-HEAD precheck system
- Added: No-HEAD option
- Added: Isalive option
- Added: Check at url option (Blind XSS)
- Added: Reverse Check parameter
- Added: PHPIDS (v.0.6.5) exploit
- Added: More vectors to auto-payloading
- Added: HTML5 studied vectors
- Fixed: Different bugs on core
- Fixed: Curl handlerer options
- Fixed: Dorkerers system
- Fixed: Bugs on results propagation
- Fixed: POST requests
- Added: New features to GTK controller
- Added: Detailed views to GTK interface

=================
February 21, 2011:
=================

- Added: heuristic test
- Updated: dorkers list
- Added: HTTP Response Splitting Induced
- Added: GTK+ interface
- Added: Geomapping
- Added: Multithreading workers
- Added: Test controllers
- Added: websockets technology (orbited)
- Added: update option
- Added: DoS (server) side injection
- Added: DCP/DOM/Induced final code
- Updated: Code clean
- Bugfixing
- Added: New options menu
- Advanced: statistics system

=================
November 7, 2010:
=================

- Added: "final remote injections" option
- Added: Cross Flash Attack! 
- Added: Cross Frame Scripting
- Added: Data Control Protocol Injections  
- Added: Base64 (rfc2397) PoC
- Added: OnMouseMove PoC
- Added: Browser launcher
- Updated: Code clean
- Bugfixing
- Added: New options menu
- Added: Pre-check system
- Added: Crawler spidering clones
- Added: More Advanced: statistics system
- Added: "Mana" ouput results

=================
September 22, 2010:
=================

- Added: a-xml exporter 
- ImageXSS 
- New dorker engines (total 10) 
- Updated: Code clean
- Bugfixing 
- Social Networking auto-publisher
- Started -federated- XSS (full disclosure) pentesting botnet

    http://identi.ca/xsserbot01
    http://twitter.com/xsserbot01

=================
August 20, 2010:
=================

- Added: attack payloads to fuzzer (26 new injections) 
- Added: POST 
- Added: Statistics 
- Added: URL Shorteners 
- Added: IP Octal 
- Added: Post-processing payloading 
- Added: DOM Shadows! 
- Added: Cookie injector 
- Added: Browser DoS (Denegation of Service)

=================
July 1, 2010:
=================

- Added: Dorking 
- Added: Crawling 
- Added: IP DWORD
- Updated: Code clean

=================
April 19, 2010:
=================

- Bugfixing
- Added: HTTPS

=================
March 22, 2010:
=================

- Added: "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer

=================
March 18, 2010:
=================

- Added: attack payloads to fuzzer (62 different XSS injections)

=================
March 16, 2010:
=================

- Added: new payload encoders to bypass filters