What is xss attack .. Xss Attack Details
Xss attack Details
- XSS Shell is a cross-site scripting backdoor into the victim's browser which enables an attacker to issue commands and receive responses.
- During a normal XSS attack an attacker only has one chance to control a victim's browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim's browser.
- XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim's browser, that can obtain commands and send back responses.
- To enable the XSS Shell an attacker needs to inject the XSS Shell's Javascript reference by utilizing a XSS flaw on a website.
- Once the victim's browser is infected with the XSS Shell and the XSS Channel is created, the attacker can issue instructions to the infected browser.
- Also, the Attacker can use a XSS Tunnel to transfer HTTP traffic through the XSS Channel and the victim's browser; in turn, exploiting the victim's credentials to bypass authentications and IP Restrictions.
- The XSS Tunnel is a HTTP Proxy that sits on an attacker's computer, and any tool that is configured to use it will tunnel its traffic through the XSS Channel.
0 comments:
Post a Comment