XSS Shell is powerful XSS backdoor and a zombie manager.
Using XSS Shell one can interactively send requests and get responses from victim and it allows you to keep the control of session.
- Regenerating Pages
- This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keep user in virtual environment. Thus even user click any links in the infected page he or she will be still under control! (within cross-domain restrictions) In normal XSS attacks when user leaves the page you can’t do anything
- Secondly this feature keeps the session open so even victim follow an outside link from infected page session is not going to timeout and you will be still in charge.
- Mouse Logger (click points + current DOM)
- Built-in Commands;
- Get Keylogger Data
- Get Current Page (Current rendered DOM / like screenshot)
- Get Cookie
- Get Clipboard (IE only)
- Get internal IP address (Firefox + JVM only)
- Check victim’s visited URL history