wk xsser list search blog view edit

Main
Papers
Software
Mailings

Projects
FreeNIT
0xFFFF
ACR
Cake
cintruder
dosis
gDVB
pvc
radare
rss2html
screws
spp
stacktrace
mesure
mksend
wistumbler2
xml2doc
xsser
VPMN

Blogs
brainstorm
pancake
pof
esteve
plue
psy

Servers
Youterm
News.nopcode
Cvs.nopcode

XSSer


XSSer: automatic tool for pentesting XSS attacks against different applications.

o Official XSSer homepage
o XSSer Workgroup

Current version


XSSer v1.6 ("The Mosquito: Grey Swarm!").

o Download original source code: XSSer v1.6 -beta-
o Install in ArchLinux from here
o Or update your copy directly from the XSSer -Subversion- repository:

$ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser

This version include more features on the GTK+ interface:


zoom


zoom


zoom

TIP: type: 'xsser --gtk' to start from shell. Or run directly XSSer from menu xsser icon

Introduction


Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

o How to Use XSSer (Commands)

o Examples of usage

Documentation


If you have interesting documentation about XSSer, please send an email to the mailing list.

* Slides XSSer -"The mosquito"- 2011 presented on THSF'11

* "XSS for fun and profit":

PDF with practice examples of some XSS techniques. It was presented on the conference SCG-2009:

o English version

o Spanish version

* XSSer URL Generation Schema:


zoom

Mailing list


XSSer has one mailing list hosted on SourceForge.

The xsser-users@lists.sourceforge.net mailing list is the preferred way to ask questions, report bugs, suggest new features and discuss with other users.

The mailing list is archived online. To subscribe use the online web form.

License


XSSer is released under the terms of the General Public License v3 and is copyrighted by psy.

Author


GPG Public ID Key: 0x3CAA25B3

* Website:
o http://lordepsylon.net

* Email:
o psy
o epsylon

* Microblogging:
o identi.ca
o twitter

Community


If you are interesting in follow last news about XSSer, you can join #xsser-community on many different places:

* Microblogging:
o identi.ca
o twitter.com

* Social networking:
o lorea.org

* Or using IRC:
o irc.freenode.net / channel: #xsser

Contribute


If you want to contribute to XSSer development, reporting a bug, providing a patch, commenting on the code base or simply need to find help to run XSSer, first refer to the xsser documentation and then surf the xsser mailing list online archives. If nobody gets back to you, then drop me an e-mail.

Please, add one link to this site when you report some XSS vulnerabilities founded by XSSer.

Supports


XSSer was been one of the winner projects of the NLnet Awards of April (2010).

This -framework- is actively looking for new sponsors and funding.

If you or your organization has an interest in keeping XSSer, please contact directly or send your ideas to the mailing list.