about.txt 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. `.` ..
  2. Welcome to XSSer .... `-:` .-`
  3. `/- - +`
  4. o + / v1.8[3] -> "The Hiv€!"
  5. ./ -Ny /.
  6. `::-` :--yMN:--. `.....
  7. `mMMMMMmdhysoooosMyoo+oyhdmNMMMMMMMs
  8. .+ymNMMMMMMMMNmhNdmNMMMMMMMMMMNds/`
  9. ```o/``-+.M+/:``o/`````
  10. o: /+ /My .+` :+
  11. o- ++ +My `+- .o`
  12. `o. :o .Ms .o o:
  13. .::` h` o- o. :+.
  14. GPLv3 .--. :o y :/.
  15. `` h .s -:.
  16. :/ o. `` 2010/2020 - by psy
  17. .o o
  18. o ./
  19. +` :.
  20. :. /`
  21. -. :
  22. ` .
  23. ====================================
  24. "The code doesn't obey the system"
  25. ===================
  26. The Mosquito or Mosquito alarm (marketed as the Beethoven in France and the Swiss-Mosquito in Switzerland)
  27. is an electronic device, used for solving loitering problems, which emits a sound with a high frequency.
  28. The newest version of the device, launched late in 2008, has two frequency settings, one of approximately
  29. 17.4 kHzthat can generally be heard only by young people, and another at 8 kHz that can be heard by
  30. most people.
  31. The maximum potential output sound pressure level is stated by the manufacturer to be 108 decibels (dB).
  32. The sound can typically only be heard by people below 25 years of age, as the ability to hear high frequencies
  33. deteriorates in humans with age (a phenomenon known as presbycusis).
  34. The device is marketed as a safety and security tool for preventing youths from congregating in specific areas.
  35. As such, it is promoted to reduce anti-social behaviour such as loitering, graffiti, vandalism, drug use,
  36. drug distribution, and violence. In the UK, over 3,000 have been sold, mainly for use outside shops and near
  37. transport hubs.
  38. The device is also sold in Australia, France, Denmark, Italy, Germany, Switzerland, Canada and the USA.
  39. ====================================
  40. Intro:
  41. ===================
  42. Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities
  43. in web-based applications.
  44. It provides several options to try to bypass certain filters and various special techniques for code injection.
  45. ----------
  46. XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:
  47. - [PHPIDS]: PHP-IDS
  48. - [Imperva]: Imperva Incapsula WAF
  49. - [WebKnight]: WebKnight WAF
  50. - [F5]: F5 Big IP WAF
  51. - [Barracuda]: Barracuda WAF
  52. - [ModSec]: Mod-Security
  53. - [QuickDF]: QuickDefense
  54. - [Sucuri]: SucuriWAF
  55. - [Chrome]: Google Chrome
  56. - [IE]: Internet Explorer
  57. - [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
  58. - [NS-IE]: Netscape in IE rendering engine mode
  59. - [NS-G]: Netscape in the Gecko rendering engine mode
  60. - [Opera]: Opera Browser
  61. ====================================
  62. Documentation:
  63. ===================
  64. Slides XSSer -"The mosquito"- 2011 presented on THSF'11 (english):
  65. - https://xsser.03c8.net/xsser/XSSer_the_mosquito_2011.pdf
  66. Slides XSSer -"The Cross Site Scripting framework"- 2012 presented on RootedCon (spanish):
  67. - https://xsser.03c8.net/xsser/rooted2012_XSSer.pdf
  68. XSS for fun and profit - conference SCG/09 -PDF (184 pages)
  69. + English Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(english).pdf
  70. + Spanish Version: https://xsser.03c8.net/xsser/XSS_for_fun_and_profit_SCG09_(spanish).pdf
  71. XSSer URL Generation Schema:
  72. - https://xsser.03c8.net/xsser/url_generation.png
  73. ====================================
  74. Downloads:
  75. ===================
  76. XSSer can be downloaded from:
  77. - https://xsser.03c8.net/#download
  78. You can also clone the latest development version from the XSSer repository:
  79. $ git clone https://code.03c8.net/epsylon/xsser
  80. $ git clone https://github.com/epsylon/xsser
  81. For more details, check the main website:
  82. - https://xsser.03c8.net
  83. ====================================
  84. License:
  85. ===================
  86. XSSer is released under the terms of the General Public License v3.
  87. ====================================
  88. Author:
  89. ===================
  90. psy (epsylon) - <epsylon@riseup.net> - 03c8.net
  91. ====================================
  92. Community:
  93. ===================
  94. You can FREE JOIN! #xsser community on: irc.freenode.net