When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful
attack and to test multiple alternatives. You can use an app like XSSer to automate this; in this quick tips
episode, you will learn how. Above is the video, and below you will find some useful notes.
1. Pre-reqs
- Have Node.js installed for the sample app
- Have Docker installed

2. Using XSSer
- Create the Dockerfile with xsser

    FROM kalilinux/kali-rolling
    WORKDIR /workdir
    RUN apt-get update && \
        apt-get install -y xsser
    ENTRYPOINT ["xsser"]

- Build the image

    docker build -t xsser .

- Run xsser to check options

    docker run -it --rm --name xsser xsser

- Run xsser to test against the vulnerable app from the video

    docker run -it --rm --name xsser xsser -u "http://192.168.99.1:3000/?name=XSS"
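
For a target to reproduce the scan against, here is an added example (not the sample app from the video, whose code is not on this page): a minimal Node.js page that reflects the `name` parameter unencoded, beside the hardened version that HTML-encodes it. The function names, the `/safe` route and the probe value are assumptions made for this example.

```javascript
// Added example: constructed stand-in for the sample app, not the code from the video.
// Start it with: node app.js --serve   (listens on port 3000, like the URL in the notes)

// Encode the five characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the `name` query parameter from a request URL (already percent-decoded).
function getName(reqUrl) {
  return new URL(reqUrl, 'http://localhost').searchParams.get('name') || 'world';
}

// Vulnerable: the parameter is concatenated into the page unencoded (reflected XSS).
function renderVulnerable(reqUrl) {
  return `<!doctype html><h1>Hello ${getName(reqUrl)}</h1>`;
}

// Hardened: same page, but the parameter is HTML-encoded before it is written out.
function renderHardened(reqUrl) {
  return `<!doctype html><h1>Hello ${escapeHtml(getName(reqUrl))}</h1>`;
}

// Constructed probe value: harmless markup that shows whether input comes back intact.
const probe = '/?name=' + encodeURIComponent('<b id="probe">x</b>');

if (process.argv.includes('--serve')) {
  // "/" serves the vulnerable page, "/safe" (hypothetical route) the hardened one.
  import('node:http').then((http) => {
    http.createServer((req, res) => {
      const safe = req.url.startsWith('/safe');
      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
      res.end(safe ? renderHardened(req.url) : renderVulnerable(req.url));
    }).listen(3000);
  });
} else {
  // Without --serve, print both renderings of the probe for comparison.
  console.log(renderVulnerable(probe));
  console.log(renderHardened(probe));
}
```

Running the same xsser command against `/safe?name=XSS` afterwards is a quick regression check that the encoding fix holds.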