XSS Shell and Something More

Sat, 04 Nov 2006 08:15:22 GMT
by pdp

Ferruh Mavituna has released a quite intriguing project called XSS Shell. Conceptually, XSS Shell is a persistent bi-directional channel that is controlled by an administrative console and can be hooked on any XSS hole, just like Backweb, XSS Proxy and BEEF. With this channel attackers are able to do some quite nasty stuff, like accessing your clipboard (IE only), using your machine to get into your local network, using your network resources to DDoS someone, etc.

Ferruh's XSS Shell differs from the other frameworks in many different ways. First of all, it is written in ASP. Also, it provides mechanisms for extending the server as well as the client functionalities. An online presentation on how to use the framework is also available. Check it out if you are still confused about what the fuss is all about.

Although I quite like the work that has been done on XSS Shell, I have a few remarks. I hope that my message will not be misunderstood.

When I was developing the initial 0.1 release of Backweb, I was thinking about portability issues a lot. Things like multi-channel support, interchangeable backend logic, database connectivity, flexible communication channel protocol, ease of use and ease of development were my main concerns. The web is a very diverse medium and if you want to create a good product that works everywhere you need to handle all technologies accordingly. That's why Backweb employs the separation of concerns model. As such, developers can create as many flavors of the attack channel as they need and all of them can be handled easily from the Frontend API. The top logic is pure JavaScript. The structure is defined by HTML and the presentation is simple CSS. One can manage multiple channels. One channel can support a backend database to lower the load on system resources while another can be self-contained to be more portable. The top logic requires zero configuration in order to make it work. That's important. Installing actions is a piece of cake.

Ferruh's XSS Shell is great but it will be even better if less is required to extend the framework. Anyway, check it out. It is a good project and I am definitely looking forward to seeing how it will develop in the future.

Meanwhile, I am busy with a few other projects that will be available quite soon. As you might already know, I need to change Backweb's name to something else. Apparently the name is a registered trademark in the US, Europe and Japan. This is quite nasty because I really like this name. I am deciding between the following two options: BACKEND Attack Console or BACKVERSE Attack Console. I have more ideas but they are not that good. If anyone has a good name for this project please don't hesitate to propose it here on this blog. You will hold the credits for it.

Archived Comments

paul
HUMPBACK, like the camel. Because the tool is for making web pages carry an extra load :) Just the first thing that came to mind. Keep up the great work.
evariste
Some ideas for a name: Insinuation, PoisonDart, 22x55, xss-dashboard, crosscript, XSS/HQ
pdp
Thanks paul, I will keep that in mind.
pdp
evariste, this is a great list. Thanks man. I wish I had more time so others can contribute as well. But definitely I will have these in mind. Here are some more: Tank, WEBTANK, ThinkTank, WEBACUS, Insectronix, BACKFRAME. There are a few more on the list :). Thanks
MustLive
XSS Shell is nice (I also wrote about this program at my site), as Backweb, XSS Proxy and BEEF are. And about the name for your project, pdp ;-). Backweb is a pretty name, but in case you need a new name, I can advise you to take BACKEND Attack Console (BACKEND) from those you said. Also BACKFRAME is nice. As you already selected this name (I saw your article "Backframe 2.x Sneak Preview"). At first I thought that it was another project of yours, but later I read that you had to change the project's name. So I also need to write at my site about the new name of your project :-) (ex-Backweb).
pdp
Thanks MustLive. Unfortunately, I need to change the name. Thanks for the suggestion, I will keep it in mind for some other project.