Shell of the Future is a Reverse Web Shell handler. It can be used to hijack sessions where JavaScript can be injected using Cross-site Scripting or through the browser's address bar. It makes use of HTML5's Cross Origin Requests and can bypass anti-session hijacking measures like Http-Only cookies and IP address-Session ID binding.
It can be used to:
Demonstrate the severity of XSS and JavaScript injection attacks
Create POCs for XSS vulnerabilities in Penetration test reports
Run automated scans on internal websites from outside by tunneling the traffc through an internal browser
Fixed a SSL Url handling bug in the direct fetch feature
Download: http://www.andlabs.org
{ 0 komentar... Views All / Send Comment! }
Posting Komentar