A covert event logger for deployment via xss
 
 
Go to file
witchdocsec f8e08af3b9
Update README.md
2024-09-09 04:53:23 +01:00
lib Add files via upload 2024-09-08 20:39:02 +01:00
templates Add files via upload 2024-09-08 20:39:02 +01:00
README.md Update README.md 2024-09-09 04:50:30 +01:00
xevents.json Add files via upload 2024-09-08 20:39:02 +01:00
xevents.py Add files via upload 2024-09-08 20:39:02 +01:00

README.md

Xevents

A covert event logger for deployment via xss
image

Demonstrate Impact

When cookies are http only and you can't perform the bog standard cookie theft to ATO,
xevents provides an easy way to demonstrate impact by enabling an attacker to spy on user actions.

Victim Tracking

Targets maintain the same numeric identifier accross multiple compromised domains making them easier to profile.

Configurable

given a set of tag names and events (user specified), Xevents generates and serves a payload that attaches the relevant listeners and uses the fetch api to exfiltrate data

useage

usage: xevents.py [-h] [-H HOST] [-p PORT] [-t TAGS [TAGS ...]] [-a ACTIONS [ACTIONS ...]] [-c CONFIG] [-tu TUNNEL]

xevents args

options:
  -h, --help            show this help message and exit
  -H HOST, --host HOST  ip, default 0.0.0.0
  -p PORT, --port PORT  port, default 5000
  -t TAGS [TAGS ...], --tags TAGS [TAGS ...]
                        tag list separated by spaces
  -a ACTIONS [ACTIONS ...], --actions ACTIONS [ACTIONS ...]
                        event list separated by spaces
  -c CONFIG, --config CONFIG
                        json config file (ignored if tags and events specified)
  -tu TUNNEL, --tunnel TUNNEL
                        url of tunnel