Update README.md

main
witchdocsec 2024-09-09 04:50:30 +01:00 committed by GitHub
parent cdca8134af
commit 67ef405ada
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 1 deletions

@ -1,5 +1,6 @@
# Xevents
A covert event logger for deployment via xss
![image](https://github.com/user-attachments/assets/e2ffd5d4-5e0c-4995-92d0-9e8804142712)
## Demonstrate Impact
When cookies are http only and you can't perform the bog standard cookie theft to ATO,
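Review bot: The `![image](...)` line under the tagline uses the placeholder alt text `image`, so the README conveys nothing about the picture when the hosted asset does not load or when it is read by a screen reader. Replace `image` with a short description of what the picture shows.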
@ -9,4 +10,25 @@ xevents provides an easy way to demonstrate impact by enabling an attacker to sp
Targets maintain the same numeric identifier accross multiple compromised domains making them easier to profile.
## Configurable
given a set of tag names and events (user specified), Xevents generates and serves a payload that attaches the relevant listners and uses the fetch api to exfiltrate data
given a set of tag names and events (user specified), Xevents generates and serves a payload that attaches the relevant listeners and uses the fetch api to exfiltrate data
## useage
```
usage: xevents.py [-h] [-H HOST] [-p PORT] [-t TAGS [TAGS ...]] [-a ACTIONS [ACTIONS ...]] [-c CONFIG] [-tu TUNNEL]
xevents args
options:
-h, --help show this help message and exit
-H HOST, --host HOST ip, default 0.0.0.0
-p PORT, --port PORT port, default 5000
-t TAGS [TAGS ...], --tags TAGS [TAGS ...]
tag list separated by spaces
-a ACTIONS [ACTIONS ...], --actions ACTIONS [ACTIONS ...]
event list separated by spaces
-c CONFIG, --config CONFIG
json config file (ignored if tags and events specified)
-tu TUNNEL, --tunnel TUNNEL
url of tunnel
```
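Review bot: The new heading `## useage` is misspelled and lowercase, unlike `## Demonstrate Impact` and `## Configurable`; it should read `## Usage`. The context line in this hunk still says `accross`, which could be corrected in the same commit as the `listners` fix. In the pasted help text the `-a` option is named ACTIONS but described as an "event list", and the `-c` help refers to "tags and events", so the README would read more clearly with one term used throughout. Because the documented default for `-H` is `0.0.0.0`, a sentence stating that the server listens on all interfaces unless a narrower address is given would help readers pick a bind address deliberately.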