Tunnelling HTTP Traffic Through XSS Channels
An XSS Channel is an interactive communication channel between two systems which is opened by an XSS attack. At a technical level, it is a type of AJAX application which can obtain commands, send responses back and is able to talk cross-domain.
The XSS Shell is a tool that can be used to setup an XSS Channel between a victim and an attacker so that an attacker to control a victim’s browser by sending it commands. This communication is bi-directional.
Download the article in PDF format here.