shadow workers: XSS & SW exploitation framework
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).
A successful exploitation allows you to browse on the targeted application as the victim(s), as long as the SW (agent) is active. A victim does not have to have a browser tab open in the application for the agent to be active.
The following conditions need to be met in order to be able to achieve SW registration on victims’ browsers:
- An XSS vulnerability exists on the application
Currently, the tool supports the following:
Copyright (c) 2019 Claudio Contin