Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS Browser hijacking PoC?
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 16 Jun 2008 13:26:48 +0200

Am Mittwoch 11 Juni 2008 schrieb Aaron Katz:
Several months ago, there was a post about a proof of concept for complete
browser hijacking via XSS.  IIRC, the hijacked browser would periodically
query a management server, and the management server would track the
hijacked browsers in a database.  The person controlling the management
server could then instruct the hijacked browsers to do his bidding.

The thing is, I can't find the tool.  I'm wondering if anyone still knows
where it is.

BeEF? (google for it, according to german law I'm probably not allowed to post 
this link)

Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

Attachment: signature.asc
Description: This is a digitally signed message part.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]