- ================================================================
- Changelog: XSSer v1.7.2 (xsser.03c8.net)
- ==============================
- =================
- April 12, 2018:
- =================
- - Removed deprecated features (search engines, SSLv3...)
- - Fixed auto-update option
- =================
- February 24, 2016:
- =================
- - Removed deprecated features
- - Updated Automatic XSS vectors list (Total: 578 = XSS: 558 + DCP: 4 + DOM: 5 + HTTPsr: 11)
- - Added XST (Cross Site Tracing)
- - Advanced XSA (Cross Site Agent), XSR (Cross Site Referer) and Cookie Injection
- - Updated/Fixed Dorkering system (Search engines supported: duck, bing, google, yahoo, yandex)
- - Added Dorking from file (30 potential 'XSS dorks' provided)
- - Added Mass-Dorking (search with all search engines provided)
- - Added Discarding response method to evade false positives
- - Added Anti-antiXSS Firewall rules (Bypassers provided for: PHPIDS, Imperva, WebKnight, F5BigIP, Barracuda, Apache-Modsec, QuickDefense)
- - Added 'Wizard Helper' to shell mode
- - Updated XSSer tool updater
- - Updated 'Mana' system
- - Fixed Crawlering system
- - Added feature: 'Automatically audit an entire target'
- - Modified/Updated GTK+
- - Added Requirements
- - Updated Documentation
- =================
- November 28, 2011:
- =================
- - Added Drop Cookie option
- - Added Random IP X-Forwarded-For and X-Client-IP option
- - Added GSS and NTLM authentication methods
- - Added Ignore proxy option
- - Added TCP-NODELAY option
- - Added Follow redirects option
- - Added Follow redirects limiter parameter
- - Added Auto-HEAD precheck system
- - Added No-HEAD option
- - Added Isalive option
- - Added Check at url option (Blind XSS)
- - Added Reverse Check parameter
- - Added PHPIDS (v.0.6.5) exploit
- - Added More vectors to auto-payloading
- - Added HTML5 studied vectors
- - Fixed Different bugs on core
- - Fixed Curl handlerer options
- - Fixed Dorkerers system
- - Fixed Bugs on results propagation
- - Fixed POST requests
- - Added New features to GTK controller
- - Added Detailed views to GTK interface
- =================
- February 21, 2011:
- =================
- - Added heuristic test
- - Updated dorkers list
- - HTTP Response Splitting Induced code
- - GTK+ interface
- - Geomapping
- - Multithreading workers
- - Test controllers
- - Added websockets technology (orbited)
- - Added update option
- - DoS (server) side injection
- - DCP/DOM/Induced final code
- - Code clean
- - Bugfixing
- - New options menu
- - More advanced statistics system
- =================
- November 7, 2010:
- =================
- - Added "final remote injections" option
- - Cross Flash Attack!
- - Cross Frame Scripting
- - Data Control Protocol Injections
- - Base64 (rfc2397) PoC
- - OnMouseMove PoC
- - Browser launcher
- - Code clean
- - Bugfixing
- - New options menu
- - Pre-check system
- - Crawler spidering clones
- - More advanced statistics system
- - "Mana" output results
- =================
- September 22, 2010:
- =================
- - Added a-xml exporter
- - ImageXSS
- - New dorker engines (total 10)
- - Core clean
- - Bugfixing
- - Social Networking auto-publisher -
- - Started -federated- XSS (full disclosure) pentesting botnet.
- http://identi.ca/xsserbot01
- http://twitter.com/xsserbot01
- =================
- August 20, 2010:
- =================
- - Added attack payloads to fuzzer (26 new injections)
- - POST
- - Statistics
- - URL Shorteners
- - IP Octal
- - Post-processing payloading
- - DOM Shadows!
- - Cookie injector
- - Browser DoS (Denial of Service).
- =================
- July 1, 2010:
- =================
- - Dorking
- - Crawling
- - IP DWORD + Core clean.
- =================
- April 19, 2010:
- =================
- - HTTPS implemented + patched bugs.
- =================
- March 22, 2010:
- =================
- - Added "inject your own payload" option. Can be used with all character encoding -bypassers- of XSSer.
- =================
- March 18, 2010:
- =================
- - Added attack payloads to fuzzer (62 different XSS injections).
- =================
- March 16, 2010:
- =================
- - Added new payload encoders to bypass filters.