Ir al contenido principal

How to test your application for XSS vulnerabilities using XSSer

When testing an application for XSS vulnerabilities it can be sometimes hard to come up with a successful attack and test multiple alternatives. You can use an app like XSSer to automate this, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.
  1. 1.

    Pre-reqs

    • Have node.js installed for the sample app
    • Have Docker installed
  2. 2.

    Using XSSer

    • Create the dockerfile with xsser
      FROM kalilinux/kali-rolling
      
      WORKDIR /workdir
      
      RUN apt-get update && \
          apt-get install -y xsser
      
      ENTRYPOINT ["xsser"]
      
    • Build the image
      docker build -t xsser .
      
    • Run xsser to check options
      docker run -it --rm --name xsser xsser
      
      Run xsser to test against the vulnerable app from the video
      docker run -it --rm --name xsser xsser -u "http://192.168.99.1:3000/?name=XSS"
      
  3. 3.

Comentarios

Entradas populares de este blog

How to copy files from and to a running Docker container

Sometimes you want to copy files to or from a container that doesn’t have a volume previously created, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes. 1. Pre-reqs Have Docker installed 2. Start a Docker container For this video I will be using a Jenkins image as an example, so let’s first download it by using docker pull docker pull jenkins/jenkins:lts ...

Brighten Up Your AEM Assets: How to Configure Default Backgrounds and Transparent Modes in Adobe Dynamic Media

Introduction The Importance of a Good Background Defining Your Default Background in AEM Defining Your Default Background in Dynamic Media Classic Transparent Images with fmt=png-alpha Explicit Background Colors with ?bgc Final Thoughts Introduction Welcome to our deep dive into the wonderful world of image backgrounds! In this post, we're going to explore how to configure Dynamic Media Classic in Adobe Experience Manager (AEM) to not only define a default background image but also how to get your images to pop with ...

Exposing Reactjs component methods to Javascript or non-reactjs applications

blog-static-generator-new If you want to integrate your javascript or non-reactjs application with a reactjs app and be able to access reactjs components and call their methods to execute actions or get information out of them, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes. 1. Pre-reqs Have node.js installed 2. Exposing React JS to Javascript or non-reactjs applications ...