[Security] Download XSS ChEF

Features of XSS ChEF
What can you actually do (when having appropriate permissions)?
Monitor open tabs of victims
Execute JS on every tab (global XSS)
Extract HTML, read/write cookies (also httpOnly), localStorage
Get and manipulate browser history
Stay persistent until whole browser is closed (or even futher if you can persist in extensions’ localStorage)
Make screenshot of victims window
Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
Explore filesystem through file:// protocol
Bypass Chrome extensions content script sandbox to interact directly with page JS

Download koto/xsschef


Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Security] Internet blackout scheduled in protest of SOPA