Ferruh Mavituna emailed me today and told me today about a project he has been working on for a few months and finally released today - XSS Shell. In the wake of projects like Anton Rager’s XSS Proxy Petko D Petkov’s backweb and Bindshell’s BeEF Exploitation Framework Ferruh comes out with XSS Shell, complete with a flash video on how it works, it’s a very full featured and easy to use.
This is really interesting in how it allows you to maintain consistent and persistent access to the browser on the domain once it has been XSSed. Tying these sorts of things into heuristics engines can really allow you to gain tons of information about sites that you may not be able to access directly (like Intranet websites). The really interesting part is that Ferruh gives you the opportunity to talk to your victim. Maybe communicating with the victim is part of the game.
Suddenly the movie hackers popped into my mind. Hack into my video station and I start communicating with you through your browser in real time. Interesting thought anyway.