Last year, Matt Flick and I presented at both Blackhat DC and Defcon 17 about our Cross Site Scripting Anonymous Browser (XAB for short). XAB allows for anonymous browsing fueled by sites vulnerable to XSS. The tool/framework really had no other purpose than to finish the statement of “wouldn’t it be neat if…”.
All in all, it was a fun research project to expand and extend unintended functionality present in web browsers in an interesting way.
Here’s a link to the video of our presentation at Defcon 17: XAB Defcon presentation video
XAB can be downloaded at xab.sourceforge.net