XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS Channel. Thus any application with HTTP proxy support can tunnel its traffic through an XSS Channel (a channel opened by a tool like XSS Shell). White paper is explaining XSS Tunnelling, benefits, real worlds examples and basic usage of XSS Tunnel (a local HTTP proxy for tunnelling) tool. XSS Tunelling Paper: http://www.portcullis-security.com/uplds/whitepapers/XSSTunnelling.pdf XSS Shell, XSS Tunnel Binary Releases and Source Code: http://www.portcullis-security.com/16.php A Short Demonstration Video: http://ferruh.mavituna.com/blogs/xsstunnelling-video.zip Video shows to exploit a permanent XSS in wordpress and bypass Basic Auth on the fly by XSS Tunnel. Regards, -- Ferruh Mavituna http://ferruh.mavituna.com
