123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 |
-
- `.` ..
- Welcome to XSSer .... `-:` .-`
- `/- - +`
- o + / v1.8[3] -> "The Hiv€!"
- ./ -Ny /.
- `::-` :--yMN:--. `.....
- `mMMMMMmdhysoooosMyoo+oyhdmNMMMMMMMs
- .+ymNMMMMMMMMNmhNdmNMMMMMMMMMMNds/`
- ```o/``-+.M+/:``o/`````
- o: /+ /My .+` :+
- o- ++ +My `+- .o`
- `o. :o .Ms .o o:
- .::` h` o- o. :+.
- GPLv3 .--. :o y :/.
- `` h .s -:.
- :/ o. `` 2010/2020 - by psy
- .o o
- o ./
- +` :.
- :. /`
- -. :
- ` .
- ====================================
- "The code doesn't obey the system"
- ===================
- The Mosquito or Mosquito alarm (marketed as the Beethoven in France and the Swiss-Mosquito in Switzerland)
- is an electronic device, used for solving loitering problems, which emits a sound with a high frequency.
- The newest version of the device, launched late in 2008, has two frequency settings, one of approximately
- 17.4 kHzthat can generally be heard only by young people, and another at 8 kHz that can be heard by
- most people.
- The maximum potential output sound pressure level is stated by the manufacturer to be 108 decibels (dB).
- The sound can typically only be heard by people below 25 years of age, as the ability to hear high frequencies
- deteriorates in humans with age (a phenomenon known as presbycusis).
- The device is marketed as a safety and security tool for preventing youths from congregating in specific areas.
- As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use,
- drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near
- transport hubs.
- The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA.
- ====================================
- Intro:
- ===================
- Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities
- in web-based applications.
- It provides several options to try to bypass certain filters and various special techniques for code injection.
- ----------
- XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
- - [PHPIDS]: PHP-IDS
- - [Imperva]: Imperva Incapsula WAF
- - [WebKnight]: WebKnight WAF
- - [F5]: F5 Big IP WAF
- - [Barracuda]: Barracuda WAF
- - [ModSec]: Mod-Security
- - [QuickDF]: QuickDefense
- - [Sucuri]: SucuriWAF
- - [Chrome]: Google Chrome
- - [IE]: Internet Explorer
- - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
- - [NS-IE]: Netscape in IE rendering engine mode
- - [NS-G]: Netscape in the Gecko rendering engine mode
- - [Opera]: Opera Browser
- ====================================
- Documentation:
- ===================
- Slides XSSer -"The mosquito"- 2011 presented on THSF'11 (english):
- - https://xsser.03c8.net/xsser/XSSer_the_mosquito_2011.pdf
- Slides XSSer -"The Cross Site Scripting framework"- 2012 presented on RootedCon (spanish):
-
- - https://xsser.03c8.net/xsser/rooted2012_XSSer.pdf
-
- XSS for fun and profit - conference SCG/09 -PDF (184 pages)
- + English Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(english).pdf
- + Spanish Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(spanish).pdf
- XSSer URL Generation Schema:
- - https://xsser.03c8.net/xsser/url_generation.png
- ====================================
- Downloads:
- ===================
- XSSer can be downloaded from:
- - https://xsser.03c8.net/#download
- You can also clone the latest development version from the XSSer repository:
- $ git clone https://code.03c8.net/epsylon/xsser
- $ git clone https://github.com/epsylon/xsser
- For more details, check the main website:
- - https://xsser.03c8.net
- ====================================
- License:
- ===================
- XSSer is released under the terms of the General Public License v3.
- ====================================
- Author:
- ===================
- psy (epsylon) - <epsylon@riseup.net> - 03c8.net
- ====================================
- Community:
- ===================
- You can FREE JOIN! #xsser community on: irc.freenode.net
|