
How to test your application for XSS vulnerabilities using XSSer

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and to test multiple alternatives. You can use an app like XSSer to automate this; in this quick tips episode, you will learn how. Above is the video and below you will find some useful notes.
  1. Pre-reqs

    • Have Node.js installed for the sample app
    • Have Docker installed
  2. Using XSSer

    • Create the Dockerfile with XSSer
      FROM kalilinux/kali-rolling
      
      WORKDIR /workdir
      
      RUN apt-get update && \
          apt-get install -y xsser
      
      ENTRYPOINT ["xsser"]
      
    • Build the image
      docker build -t xsser .
      
    • Run xsser to check options
      docker run -it --rm --name xsser xsser
      
    • Run xsser to test against the vulnerable app from the video
      docker run -it --rm --name xsser xsser -u "http://192.168.99.1:3000/?name=XSS"
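
The sample app from the video is not reproduced on this page; as an added example (not the author's code), here is a minimal Node.js stand-in that reflects the `name` parameter on `/` and serves an output-encoded version of the same page on `/safe`. The route names, `escapeHtml`, and the `--serve` flag are assumptions made for this example.

```javascript
// Added example: a constructed stand-in for the sample app, not the code from the video.
const http = require('node:http');

// Encode the five characters that let text break out of HTML element or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query value is concatenated into markup unchanged (reflected XSS).
function renderVulnerable(name) {
  return `<!doctype html><h1>Hello ${name}</h1>`;
}

// Hardened: the same page with the value output-encoded for HTML context.
function renderHardened(name) {
  return `<!doctype html><h1>Hello ${escapeHtml(name)}</h1>`;
}

// Route "/" to the vulnerable view and "/safe" (hypothetical route) to the hardened one.
function handle(req, res) {
  const url = new URL(req.url, 'http://localhost');
  const name = url.searchParams.get('name') ?? 'world';
  const safe = url.pathname === '/safe';
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    // Defence in depth on the hardened route: the page may load no scripts at all.
    ...(safe ? { 'Content-Security-Policy': "default-src 'none'" } : {}),
  });
  res.end((safe ? renderHardened : renderVulnerable)(name));
}

// Start listening only when asked: node app.js --serve
if (process.argv.includes('--serve')) {
  http.createServer(handle).listen(3000, () => console.log('listening on :3000'));
}
```

Running the same `xsser -u` command against `/safe?name=XSS` instead of `/?name=XSS` gives a before/after comparison of the fix.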
      