cross site scripting anonymous browser

I presented at both Blackhat DC and DEF CON 17 about the Cross Site Scripting Anonymous Browser, or XAB for short. XAB allows for anonymous browsing fueled by sites vulnerable to XSS. The tool/framework really had no other purpose than to finish the statement of “wouldn’t it be neat if…”

All in all, it was a fun research project to expand and extend unintended functionality present in web browsers in an interesting way.

Here’s a link to the video of the presentation at DEF CON 17:

XAB can be downloaded at