This document discusses using cross-site scripting (XSS) attacks to tunnel HTTP traffic by establishing an XSS channel. It works by embedding a script in a vulnerable site that can make requests to another domain, allowing an attacker to exfiltrate data or establish a remote shell. This technique is better than classic XSS attacks as it provides a covert channel that is difficult for the victim to detect.