A new tool called Jikto can turn any PC or device with a browser into a site attacker.
A new tool too dangerous to give away can turn any PC (Windows, Mac, Linux) or any device with a browser into a site attacker.
After silently inserting itself to run inside any browser, be it that of a PC or a cell phone, Jikto can then search sites for cross-site scripting vulnerabilities and report its findings to a third party without the user of the infected browser being aware.
It can also replicate itself onto sites containing cross-site scripting vulnerabilities and then spread via latching onto visiting browsers, Hoffman told eWEEK in an interview.
Web application vulnerability scanners have been around some seven years. Most have been software installed on a PC.
That's good, the security researcher said: "By getting them interested, we can use that to [heighten the awareness of the dangers of Web site vulnerabilities]."