-
-
Notifications
You must be signed in to change notification settings - Fork 78
FAQ
Simply copy and paste the generated XSS payloads into the vulnerable website. It couldn't be much easier. XSScope aims for all kinds of XSS (DOM, Stored, Reflected and Blind XSS).
While sending the HTML payload to the victim, remember to keep xsscope.py running, otherwise the IP and Port (used for Portforwading) will be generated with a new one. If you want to rerun the script, be aware that you will lose the connections you currently/might have.
When user(s) get infected, they will not do anything but pinging every x seconds to the attacker's payload (xsscope.js) and wait for attack orders. No exploit/attack will be performed during this time. The TCP Beacon is an time-based binding of attacker payload. A bind payload is victim who waits for an attack from its controller every x seconds.
Example: If you set Beacon Interval to 40000 ms, the infected victim will ping every 40 seconds to the attacker's payload. If the attacker plans to (in this case: grab a screenshot), the victim will execute the attack order after 40 seconds.
No, you don't need to. If you want to apply new changes to Agent Module Payload (xsscope.js), simply reopen Agent Module Tab, click the desired features and Build the payload again. This can be done without the need of closing the software and reopening it.