A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. The effect of these vulnerabilities may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
* Added “final remote injections” option
* Cross Flash Attack!
* Cross Frame Scripting
* Data Control Protocol Injections
* Base64 (rfc2397) PoC
* OnMouseMove PoC
* Browser launcher
* New options menu
* Pre-check system
* Crawler spidering clones
* More advanced statistics system
* “Mana” output results
Download the .deb file for XSSer from here.
Extract it with the command tar -zxvf xsser_1.5-1_all.deb.tar.gz; this will generate the file xsser_1.5-1_all.deb.
Double-click on this .deb file to install it onto your Ubuntu system.
After successful installation, you can open the Xsser UI from Application > System Tools > Xsser