XssRays 0.5.5 ported to BeEF by Michele "antisnatchor" Orru' The XSS detection mechanisms has been rewritten from scratch: instead of using the location hash trick (that doesn't work anymore), if the vulnerability is triggered the JS code vector will contact back BeEF. Other aspects of the original code have been simplified and improved.
- Source:
Methods
(static) checkBrowser(vector_array_index)
return true is the attack vector can be launched to the current browser type.
Parameters:
| Name | Type | Description |
|---|---|---|
vector_array_index |
array |
- Source:
(static) run(url, method, vector, params, urlencode)
this is the main core function with the detection mechanisms...
Parameters:
| Name | Type | Description |
|---|---|---|
url |
||
method |
||
vector |
||
params |
||
urlencode |
- Source:
(static) runJobs()
run the jobs (run functions added to the stack), and clean the shit (iframes) from the DOM after a timeout value
- Source:
(static) startScan(xssraysScanId, hookedBrowserSession, beefUrl, crossDomain, timeout)
main function, where all starts :-)
Parameters:
| Name | Type | Description |
|---|---|---|
xssraysScanId |
||
hookedBrowserSession |
||
beefUrl |
||
crossDomain |
||
timeout |
- Source: