Panagiotis Chartas edited this page Jun 23, 2022 · 4 revisions

Remarks

At the moment, the tool comes with a small number of optional parameters, set by default to values that promote a smooth and reliable execution flow. The verbosity can also be altered while the tool is running (via command prompt). I won't repeat here the information that you can get from the tool's help message (-h). I do, though, have a few noteworthy remarks about the tool's usage:

About the -g, --grab-poisoned parameter

I set it to False by default because it can get frustrating while testing the tool, but it's actually one of the best features and I encourage you to use it, especially in real engagements. When set to True, toxssin will identify traffic received from poisoned browsers and re-establish the session(s). This is cool because you can have the toxssin server running and, if a user opens a malicious link you sent in the past (it can be in the browser's history), the session will be established. You can test this behavior as follows:

  1. Run toxssin,
  2. Open a malicious link, have 1 or more sessions established,
  3. Close the toxssin server,
  4. Re-run toxssin with -g option. After a few seconds the session(s) will be established again.

About the exec command

You can use the command to run custom JavaScript code from a file against a session by providing the session id. Instead of SID you can type active to run the script against the current active session. The script is placed in a queue for execution and will (by default) be executed at most 3 seconds after you call exec. This is because the JavaScript function that handles custom script executions runs periodically along with some other functions, the execution time cycle of which is controlled by the -f parameter and is set by default to 3000 ms.

After running a custom script you will receive a report with the output (if any) and whether there were errors (along with the error messages). Here's an example output with a custom script that runs successfully and returns 'Scare transformation completed' and a second one that includes an intentional syntax error:
exec_example_png

You can find a few example scripts to execute against sessions in the custom_scripts dir of the project.
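
From the defender's side, the fixed execution cycle described above is a timing signature. The following Python check is an added example, not part of toxssin or this wiki: it flags client-to-host flows in proxy logs whose requests arrive at a near-constant interval. It assumes each cycle produces one request to the server; the log format, host names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed proxy records: (epoch seconds, client IP, destination host).
SAMPLE_LOG = (
    # Fixed ~3 s cycle with small jitter (the pattern of interest).
    [(t, "10.0.0.5", "unknown-host.example") for t in
     (1000.0, 1003.0, 1006.1, 1009.0, 1012.0, 1015.1, 1018.0, 1021.0)]
    # Ordinary browsing: bursts followed by long pauses.
    + [(t, "10.0.0.5", "news.example.org") for t in
       (1000.5, 1001.2, 1001.9, 1030.0, 1031.4, 1090.0, 1200.3)]
    # Regular, but too few requests to judge.
    + [(t, "10.0.0.9", "cdn.example.net") for t in (1000.0, 1003.0, 1006.0)]
)


def find_fixed_interval_polling(records, min_requests=6, max_jitter=0.15):
    """Return {(client, host): median gap in seconds} for flows whose
    inter-request gaps are nearly constant."""
    times = defaultdict(list)
    for ts, client, host in records:
        times[(client, host)].append(ts)

    flagged = {}
    for flow, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # not enough samples to call it periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid <= 0:
            continue
        # Median absolute deviation relative to the median gap:
        # robust to one delayed or dropped request.
        mad = median(abs(g - mid) for g in gaps)
        if mad / mid <= max_jitter:
            flagged[flow] = round(mid, 2)
    return flagged


if __name__ == "__main__":
    for (client, host), gap in find_fixed_interval_polling(SAMPLE_LOG).items():
        print(f"{client} -> {host}: request every ~{gap}s")
```

Because the cycle is configurable with -f, the check keys on regularity rather than on the 3000 ms default.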
