XSSSHell looks like the one I was thinking of, though BeEF looks interesting, too. Thanks!<br><br><div class="gmail_quote">On Mon, Jun 16, 2008 at 8:50 AM, Tim Brown <<a href="mailto:tmb@65535.com">tmb@65535.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Monday 16 June 2008 12:26:48 Hanno Böck wrote:<br>
> Am Mittwoch 11 Juni 2008 schrieb Aaron Katz:<br>
> > Several months ago, there was a post about a proof of concept for<br>
> > complete browser hijacking via XSS. IIRC, the hijacked browser would<br>
> > periodically query a management server, and the management server would<br>
> > track the hijacked browsers in a database. The person controlling the<br>
> > management server could then instruct the hijacked browsers to do his<br>
> > bidding.<br>
> ><br>
> > The thing is, I can't find the tool. I'm wondering if anyone still knows<br>
> > where it is.<br>
><br>
> BeEF? (google for it, according to german law I'm probably not allowed to<br>
> post this link)<br>
<br>
</div><a href="http://www.google.com/search?q=xssshell" target="_blank">http://www.google.com/search?q=xssshell</a><br>
<br>
Cheers,<br>
Tim<br>
<font color="#888888">--<br>
Tim Brown<br>
<mailto:<a href="mailto:tmb@65535.com">tmb@65535.com</a>><br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a></font></blockquote></div><br>