Overview  
An overview of the SSImp and what it does.
Updated Nov 7, 2010 by mhinks@gmail.com

SSImp: The Server Side Impersonator

Traditionally, when one wants to illustrate an XSS vulnerability there are two approaches. The first is to show the client the XSS and assume that they know and understand the impact. The second is to write a fully fledged exploit that takes some form of action on the client’s server so that they can see the truly devastating impact. If you frequently find that the second of these options is the only possible way to draw attention to the problems of XSS, but have grown tired of having to write these from scratch, setting up cookie loggers, anti-CSRF tokens, fiddly AJAX requests and so on, then the SSImp is the tool for you.

What does it do?

SSImp provides an XML scripting language for crafting sequential HTTP requests to a remote host.

The currently provided features are:

  • GET and POST requests
  • Set cookies from a querystring or from a previous request's Set-Cookie response header
  • Store variables from page output using PCREs, useful for anti-CSRF token extraction
  • Emulation of the "victim's" User-Agent

SSImp is a .NET Framework Web Application written in C#, meaning that the most common method of usage is to embed the Web Application in an iframe on the target server.
