OWASP Xenotix XSS Exploit Framework


OWASP Xenotix XSS Exploit Framework
Gavriliță Cristian
Cebanu Ghenadie
OWASP Top 10 2013
XSS
• Some years back…
• Low ranked… it wasn’t considered a great vulnerability
• SQLi, LFI, RFI, RSI… were considered real vulnerabilities
• XSS was considered just <script>alert("XSS")</script>
• The only possibilities were Phishing or Cookie stealing
• Now…
• Tools like BeEF, XSS Tunnel, XSSF, Shell of the Future changed the scene
• People started understanding the real threats of XSS
• Some of them are XSS Tunneling, Client-side code injection, DoS and DDoS, Cookie Stealing, Malicious Drive-by Downloads, Phishing, Defacing
What is OWASP Xenotix XSS Exploit Framework
• Xenotix XSS Exploit Framework is a penetration testing tool
• It can be used to detect and exploit XSS vulnerabilities
• It is divided into an XSS Scanner and an Exploitation Framework
• Has support for Gecko, Trident and WebKit
OWASP Xenotix XSS Exploit Framework
• Version 1: 8 September 2013
• Ajin Abraham
• runs a successful DEFCON Chapter at Kerala
• DEFCON Bangalore-India
• ClubHack
• nullcon Goa
• OWASP AppSec AsiaPac 2013
• BlackHat Europe 2013 Arsenal
• Hackmiami 2013 and Confidence 2013
• OHM 2013
• BlackHat USA 2013 Arsenal
Version 4.5
• JavaScript Beautifier
• Pause and Resume support for Scan
• Jump to Payload
• Cookie Support for POST Request
• Cookie Support and Custom Headers for Header Scanner
• Added TRACE method Support
• Improved Interface
• Better Proxy Support
• WAF Fingerprinting
• Load Files (Exploitation Module)
• Hash Calculator
• Hash Detector
Version 5
• Xenotix Scripting Engine
• Xenotix API
• V4.5 Bug Fixes
• GET Network IP (Information Gathering)
• QR Code Generator for Xenotix xook
• HTML5 WebCam Screenshot (Exploitation Module)
• HTML5 Get Page Screenshot (Exploitation Module)
• Find Feature in View Source
• Improved Payload Count to 1630
• Name Changes
Version 6
• Intelli Fuzzer
• IP to Location
• Context Based Fuzzer
• Blind Fuzzer
• HTA Network Configuration
• IP to GeoLocation
• IP Hinting
• Download Spoofer
• HTA Drive-By
• HTA Drive-By Reverse Shell
• JSFuck 6 Char Encoder
• HTML5 Geolocation API
• Reverse TCP Shell Addon (Linux)
• OAuth 1.0a Request Scanner
• jjencode Encoder
• aaencode Encoder
• 4800+ Payloads
• SSL Error Fixed
Unique features
• Zero False Positive
• Triple Browser Engine Support
• 2nd Largest XSS Payloads
• Xenotix API
• Python Scripting Engine with Triple Browser Engine Rendering and XSS Payload Support
• Top 5th Security Tool of 2013
• Toolsmith Tool of the Month 2013
Scanner Module
• Manual XSS Scanner
• Automode XSS Scanner
• MultiParameter XSS Scanner
• XSS Fuzzer
• XSS Filter Bypassing
• XSS Payload Encoder
• 4800+ XSS Payloads
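The following is an added example, not code from these slides or from the Xenotix project. It makes concrete what the XSS threat bullets and the Scanner Module list refer to: a page that reflects a query parameter into the HTML body unencoded, the same page hardened with context-appropriate output encoding, and the canary-reflection probe that a manual or automode XSS scanner performs to tell the two apart. The render functions, the probe string and the function names are assumptions made for this example; nothing touches the network.

```python
"""Added example (not from the Xenotix slides or project): reflected XSS in a
page that echoes a query parameter, shown beside the hardened version, plus
the canary-reflection probe that an XSS scanner performs per parameter.

Everything here is constructed for the example: the two render functions
stand in for a web application's search page, and no network is used.
"""
import html
import secrets


def make_canary() -> str:
    """Build a harmless, unique probe string.

    It carries the characters that matter in the HTML body and attribute
    contexts (< > " ') plus a random tag, so a hit cannot be a coincidence
    with text already present on the page.
    """
    return f'<xen{secrets.token_hex(4)}>"\''


def render_vulnerable(query: str) -> str:
    """Search page that reflects the parameter into the HTML body unencoded."""
    return f"<html><body><h1>Results for: {query}</h1></body></html>"


def render_hardened(query: str) -> str:
    """Same page with output encoding appropriate for the HTML body context."""
    safe = html.escape(query, quote=True)
    return f"<html><body><h1>Results for: {safe}</h1></body></html>"


def reflects_unescaped(body: str, canary: str) -> bool:
    """Scanner check: the probe came back byte-for-byte, i.e. not encoded."""
    return canary in body


def reflects_escaped(body: str, canary: str) -> bool:
    """The probe came back, but with its metacharacters entity-encoded."""
    return canary not in body and html.escape(canary, quote=True) in body


def probe(render) -> dict:
    """Run one scanner probe against a page-rendering function.

    Returns the classification a scanner would record for the parameter:
    'unescaped' is the finding worth reporting, 'escaped' means the page
    reflects input but encodes it, 'none' means no reflection at all.
    """
    canary = make_canary()
    body = render(canary)
    if reflects_unescaped(body, canary):
        verdict = "unescaped"
    elif reflects_escaped(body, canary):
        verdict = "escaped"
    else:
        verdict = "none"
    return {"canary": canary, "verdict": verdict}


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(name, probe(fn)["verdict"])
```

A canary hit only establishes that input reaches the response body unencoded; whether it actually executes depends on the exact context (attribute, script block, URL) and on browser parsing, which is why the deck stresses rendering with the real Gecko, Trident and WebKit engines ("Zero False Positive") rather than string matching alone. The fix on the application side is the one shown in render_hardened: encode for the context the value lands in.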
Exploitation Module
• XSS Keylogger
• XSS Executable Drive-by Download
• XSS Reverse Shell
• XSS HTML5 DDoSer (CORS + WebSocket)
• XSS Cookie Thief
Burp Suite
• An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
• An application-aware Spider, for crawling content and functionality.
• An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
• An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
• A Repeater tool, for manipulating and resending individual requests.
• A Sequencer tool, for testing the randomness of session tokens.
• The ability to save your work and resume working later.
• Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
The Zed Attack Proxy (ZAP)
• The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
• It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
• ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Conclusions
• Xenotix XSS Exploit Framework can be used by Security Analysts for XSS hunting
• Most commercial tools available are either XSS Scanners or XSS Exploitation tools. Xenotix is the first of its kind to act as both a Vulnerability scanner and an Exploitation framework, and it’s completely free
• Tutorials: https://www.youtube.com/watch?v=loZSdedJnqc&list=PLX3EwmWe0cS9fMj1SOTKo8lgm-9XGNzPT