Jason Wood alerted me to this one. Apparently Ferruh Mavituna posted about a new tool he’s created to do XSS tunneling. At first blush it looks a lot like what Jeremiah Grossman built and what Billy Hoffman later re-created for Jikto, except Ferruh’s is in .NET instead of server side scripts. “So what” you say? Well there is one aspect of this that actually is interesting and caught my eye.