Cross Site Scripting Anonymous Browser (XAB)
A fun exploration on what can be done with cross site scripting, presented at DEF CON 17.
I presented at both Blackhat DC and DEF CON 17 about the Cross Site Scripting Anonymous Browser, or XAB for short. XAB allows for anonymous browsing fueled by sites vulnerable to XSS. The tool/framework really had no other purpose than to finish the statement of "wouldn’t it be neat if..."
All in all, it was a fun research project to expand and extend unintended functionality present in web browsers in an interesting way.
External Links:
- Presentation video: DEF CON 17 - Cross Site Scripting Anonymous Browser
- Code: XAB github repo