XSS Shell is an effective backdoor for XSS, designed to provide powerful control over web servers to hackers.
This latest release of XSS Shell comes with a key and advanced feature called "Regenerating Pages." It re-renders the infected page and keeps the user in a virtual environment, making sure that even if the user clicks any links in the infected page, they will still be under control (within cross-domain restrictions). In a normal XSS attack, when the user leaves the page, there is nothing that the attacker can do. This feature also keeps the session open, so even if the victim follows an outside link from the infected page, the session is not going to time out, and the attacker will still be in charge.
Another valuable feature of XSS Shell is its keylogger functionality. The software has a mouse logger, including click points and the current DOM. There are pre-built commands in the software that allow users to retrieve essential data, execute supplied javaScript (eval), check victim's visited URL history, and Force to Crash victim's browser.
There are certain limitations, though. The keylogger is not working on IE, and the software may not work for framed pages due to frame regeneration. Additionally, it does not work on Konqueror.
The latest version of XSS Shell has added two new features that enhance the already impressive capabilities of the software. The software now comes with a connection drop timeout check, which means that if the user's XSS Shell server is down or the connection is dropped because of the victim, it'll try to repair itself. The DoS and Crash commands have also been added to the software, ensuring that it has everything you need to launch full-fledged attacks.
Overall, if you're looking to conduct Cross-site Scripting attacks on web applications, XSS Shell is an outstanding tool that you won't want to be without.
Version 0.3.9: N/A