Greasemonkey Script for XSS Link Building

In the spirt of putting more guns in the hands of children, we bring you more ways to create inbound links with cross site scipting.

Rsnake must have finished moving and unpacked his computers because he has created a Grease Monkey Detection Script for XSS (Cross Site Scripting).

Here’s the crappy redirect detection Greasemonkey script. I don’t recommend using it, because it sucks, but it was a good proof of concept.

Now granted a good chunk of these do not work, but that actually shouldn’t matter much. Without even testing, sending multiple possible attempts to Google, even if 80% of them fail, it’s not like you are giving anything up, you are sending valid links that probably have some custom error logic. It just looks like you are linking to a lot of custom error pages, potentially. So pruning the redirect attack list may or may not help.

SEO by spray and pray. Hat tip to v7n.

Both comments and pings are currently closed.

One Response to “Greasemonkey Script for XSS Link Building”

  1. [...] Eventually, this will be a bigger problem as automated XSS injection becomes more prevalent.  I’ll probably write something about “super worms” soon that will explain why this could have way bigger implications than simple redirects, but I also wanted to get something out soon, because I had been promising this script for a while to Quadzilla and a few other folks. [...]