XSS Tunnel is a proxy which allows you to traffic any HTTP traffic through a Cross-site Scripting (XSS) Channel opened by XSS Shell. The Demo below shows how to setup an XSS Channel between a victim and an attacker so that an attacker to control a victim’s browser by sending it commands.

This demo show the attacker post an comment with put in the malicious URL on the victim’s blog. All you need to do is to trick the victim to go your malicious website where you have your XSS channel setup. Once the victim click on the malicoius URL, then that’s is how the story began:

Demo of XSS Tunneling with hijack WordPress’s admin authenticated session.