Anehta is Web Application tool for Security Audit, written in PHP/JavaScript designed to make Cross site scripting and other web attacks easier and automated.
Install & Configure:
1. Decompress all the files in a directory on your server
2. Make sure your directory has the write permission.
3. Modify $U as username and $P as password in “server/class/auth_Class.php” file.
Default username is “admin” and default password is “123456″.
4. If you want to send mail, modify “server/mail.php” file to your own mail server or mailbox.
Quick Start:
1. Login and turn to the Configure tab.
2. Input the “anehtaurl” as the url where your anehta is.
For example: “http://www.a.com/anehta”.
3. You should also input the boomerang src and boomerang target.
boomerang src is usually the same page where you put your feed.js is.
For example: boomerang src maybe: “http://www.b.com/xssed.html?param=”.
boomerang target must be the page where you want to steal cross domain cookie.
For example: boomerang target maybe: “http://www.alimafia.com/xssDemo.html#’><’”.
You can modify feed.js to cancel the xcookie module if you do not want to use boomerang. But you must always set boomerang src and target values when you modify in the configure tab.
4. After modified configure, simply load feed.js as a external script to where your xss page is. There is also a demo page in the directory which is “demo.html”
5. Refresh the admin.php, and you may see some changes if your xss slave coming.
Source -
0 comments:
Post a Comment