Systematic XSS Exploitation

The CROSS-Site Scripting (XSS) vulnerabilities are usually overlooked and their impact is typically underestimated because its analysis requires security skills that are often absent in testers and developers. In this paper, the author introduces a tool that enables the decoupling of the exploitation and post-exploitation. The tool provides the means to turn a XSS vulnerability into a machine that receives payloads with post-exploitations actions written against a generic API; therefore allowing to asses the full potential of the vulnerability.