How to test your application for XSS vulnerabilities using XSSer

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and to test multiple alternatives. You can use an app like XSSer to automate this; in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.
  1. Pre-reqs

    • Have node.js installed for the sample app
    • Have Docker installed
  2. Using XSSer

    • Create the Dockerfile with xsser
      FROM kalilinux/kali-rolling
      
      WORKDIR /workdir
      
      RUN apt-get update && \
          apt-get install -y xsser
      
      ENTRYPOINT ["xsser"]
      
    • Build the image
      docker build -t xsser .
      
    • Run xsser to check options
      docker run -it --rm --name xsser xsser
      
    • Run xsser to test against the vulnerable app from the video
      docker run -it --rm --name xsser xsser -u "http://192.168.99.1:3000/?name=XSS"
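
The sample app's code is not reproduced in these notes, so the following is an added example (not the code from the video): a hypothetical Node.js handler that reflects the `name` query parameter, shown unescaped beside its escaped form, with a check you can keep as a regression test. The function names and the `SERVE` and `HARDENED` environment switches are assumptions made for this example.

```javascript
// Added example: hypothetical stand-in for the sample app, not the video's code.
const http = require("http");

// Vulnerable: the query value is concatenated into the HTML response as-is.
function renderVulnerable(name) {
  return `<html><body><h1>Hello ${name}</h1></body></html>`;
}

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, but the value is encoded for the HTML context first.
function renderHardened(name) {
  return `<html><body><h1>Hello ${escapeHtml(name)}</h1></body></html>`;
}

// Build a request handler that reads ?name= and responds with render(name).
function makeHandler(render) {
  return (req, res) => {
    const name = new URL(req.url, "http://localhost").searchParams.get("name") || "";
    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
    res.end(render(name));
  };
}

// Regression check: does the response contain the probe string verbatim?
function reflectsUnescaped(render, probe) {
  return render(probe).includes(probe);
}

// Constructed probe string, used only to check output encoding.
const PROBE = '"><script>alert("constructed-probe")</script>';

function main() {
  console.log("vulnerable reflects probe:", reflectsUnescaped(renderVulnerable, PROBE));
  console.log("hardened reflects probe:", reflectsUnescaped(renderHardened, PROBE));
  // SERVE and HARDENED are hypothetical env switches for this example.
  if (process.env.SERVE === "1") {
    const render = process.env.HARDENED === "1" ? renderHardened : renderVulnerable;
    http.createServer(makeHandler(render)).listen(3000);
  }
}
main();
```

With `SERVE=1` set, the handler listens on port 3000, so the `docker run` command above can be pointed at it; adding `HARDENED=1` lets you rescan the escaped version and compare the results.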
      