XSS payloads are so powerful and easy to use that security researchers have packaged many of their functions into XSS attack platforms. The main purpose of these platforms is to demonstrate the dangers of XSS and to make penetration testing easier. Here are just a few common XSS attack platforms:
Attack API is a project led by the security researchers at Professional DynaMetric Programs (PDP). It summarizes many ways that an XSS payload can be used directly, the so-called API. The methods for accessing a client's local information come from this project.
BeEF was at one time the best XSS demonstration platform. Unlike Attack API, BeEF demonstrates a complete XSS attack process. BeEF has a back-end control console through which an attacker can control every front-end browser connected to it. Each user who is attacked by XSS appears in the console; the console operator can control the behavior of these browsers and send commands to these users through XSS.
XSS-Proxy is a lightweight XSS attack platform that can control a remote browser in real time through nested iframes. XSS attack platforms help in gaining a deep understanding of the theory and the harm of XSS.