xsser v1.7b - is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

xsser v1.7b – is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Cross Site “Scripter” is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

xsser v1.7b

xsser v1.7b

Features:
+ Automated vectors
+ Different injections: XSS, XSA, XSR, DOM, DCP, Induced…
+ GTK+ Interfaz
+ Wizard helpere
+ Exploiting methods
+ Geomapping
+ HTML5 vectors
+ Encoding bypassers: String.FromCharCode, Unicode, Decimal, Hexadecimal…
+ Special final injections: onMouseMove(), Iframes…
+ Different spoofing methods
+ Etc

xsser gui

xsser gui

XSSer contains ‘exploits’ for this browsers:
– [Chrome]: Google Chrome.
– [IE9.0]: Internet Explorer 9.0.
– [IE8.0]: Internet Explorer 8.0.
– [IE7.0]: Internet Explorer 7.0.
– [IE6.0]: Internet Explorer 6.0.
– [NS8.1-IE]: Netscape 8.1+ in IE rendering engine mode.
– [NS8.1-G]: Netscape 8.1+ in the Gecko rendering engine mode.
– [FF]: Mozilla’s Gecko rendering engine, used by Firefox/Iceweasel.
– [Opera]: Opera.
– [NS4]: Netscape 4.0.

Usage:

Source: http://xsser.03c8.net