
How to test your application for XSS vulnerabilities using XSSer

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and to test multiple alternatives. You can use a tool like XSSer to automate this; in this quick tips episode, you will learn how. The video is above, and below you will find some useful notes.
  1. Pre-reqs

    • Have node.js installed for the sample app
    • Have Docker installed
  2. Using XSSer

    • Create the Dockerfile with xsser
      FROM kalilinux/kali-rolling
      
      WORKDIR /workdir
      
      RUN apt-get update && \
          apt-get install -y xsser
      
      ENTRYPOINT ["xsser"]
      
    • Build the image
      docker build -t xsser .
      
    • Run xsser to check options
      docker run -it --rm --name xsser xsser
      
    • Run xsser to test against the vulnerable app from the video
      docker run -it --rm --name xsser xsser -u "http://192.168.99.1:3000/?name=XSS"
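
The video's sample app is not reproduced in these notes. As an added example (not the original app's code), here is a constructed Node.js stand-in that reflects the `name` query parameter from the scan URL above, next to a hardened route that HTML-encodes it. The function names, the `/safe` route and the `--serve` flag are assumptions.

```javascript
// Constructed stand-in for the sample app (assumption: it reflects ?name= into HTML).
// HTML-escape the characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the parameter is concatenated into the page as-is.
function renderVulnerable(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Hardened: the parameter is encoded for the HTML context before output.
function renderHardened(name) {
  return `<h1>Hello ${escapeHtml(name)}</h1>`;
}

// Request handler: /?name=... is the vulnerable view, /safe?name=... the hardened one.
function handler(req, res) {
  const url = new URL(req.url, 'http://localhost');
  const name = url.searchParams.get('name') || '';
  const safe = url.pathname === '/safe';
  const headers = { 'Content-Type': 'text/html; charset=utf-8' };
  // Defense in depth: without 'unsafe-inline', this policy blocks inline script.
  if (safe) headers['Content-Security-Policy'] = "default-src 'self'";
  res.writeHead(200, headers);
  res.end(safe ? renderHardened(name) : renderVulnerable(name));
}

// Listen on port 3000 (the port used in the scan URL) only when started with --serve.
if (process.argv.includes('--serve')) {
  import('node:http').then(({ createServer }) => createServer(handler).listen(3000));
}
```

Saved as `app.js` (file name is an assumption) and started with `node app.js --serve`, it lets you run the same scan against `/?name=XSS` and `/safe?name=XSS` and compare the results.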
      