#infosec Jobs Update
HOC Blog Updates
XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream.
The tool exploit implements vulnerabilities at the client & server side utilizing the XMPP protocol.
Harvesting Cross Site Scripting, Clicks,
Keystrokes and Cookies
Even today many of us still do not understand the impact of an exploited XSS vulnerability, and include the security community in this statement.
To summarize, a successfully exploited XSS vulnerability will allow the interception of ALL keystrokes, ALL mouse actions, ALL cookies (unless protected by scope) on ALL pages of the affect domain, regardless of whether or not the vulnerability is “reflected” or “persistent”.XSS-Harvest is multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool.