domingo, 20 de enero de 2013

XSS Hacking tutorial




1.- Introducción
2.- Tipos de Ataques
- Reflected Cross Site Scripting (XSS Reflejado)
- Stored Cross Site Scripting (XSS Persistente)
- DOM Cross Site Scripting (DOM XSS)
- Cross Site Flashing (XSF)
- Cross Site Request/Reference Forgery (CSRF)
- Cross Frame Scripting (XFS)
- Cross Zone Scripting (XZS)
- Cross Agent Scripting (XAS)
- Cross Referer Scripting (XRS)
- Denial of Service (XSSDoS)
- Flash! Attack
- Induced XSS
- Image Scripting
- anti-DNS Pinning
- IMAP3 XSS
- MHTML XSS
- Expect Vulnerability
3.- Evitando Filtros
4.- PoC examples - Bypassing filters
- Data Control PoC
- Frame Jacking PoC
5.- Técnicas de ataque
+ Classic XSS - Robando “cookies”
+ XSS Proxy
+ XSS Shell
+ Ajax Exploitation
+ XSS Virus / Worms
+ Router jacking
+ WAN Browser hijacking
- DNS cache poison
- XSS Injected code on server
- Practical Browser Hijacking
6.- XSS Cheats - Fuzz Vectors
7.- Screenshots
8.- Herramientas
9.- Links
10.- Bibliografía
11.- Licencia de uso
12.- Autor