Ir al contenido principal

How to test your application for XSS vulnerabilities using XSStrike

When testing an application for XSS vulnerabilities it can be sometimes hard to come up with a successful attack and test multiple alternatives. You can use an app like XSStrike to automate this, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes.
  1. 1.

    Pre-reqs

    • Have node.js installed for the sample app
    • Have Docker installed
  2. 2.

    Using XSStrike

    • Create the dockerfile with xsstrike 
      FROM continuumio/anaconda3

WORKDIR /workdir

RUN apt-get install -y unzip

ADD https://github.com/s0md3v/XSStrike/archive/master.zip ./

RUN unzip master.zip && \
    rm master.zip

RUN conda config --append channels conda-forge && \
    conda install fuzzywuzzy requests

ENTRYPOINT ["python", "./XSStrike-master/xsstrike.py"]
    • Build the image 
      docker build -t xsstrike .
    • Run xsstrike to check options 
      docker run -it --rm --name xsstrike xsstrike
      Run xsstrike to test against the vulnerable app from the video 
      docker run -it --rm --name xsstrike xsstrike -u "http://192.168.99.1:3000/?name=testing"
  3. 3.

    Resources

Etiquetas:

Comentarios

Publicar un comentario

Entradas populares de este blog

Exposing Reactjs component methods to Javascript or non-reactjs applications

blog-static-generator-new If you want to integrate your javascript or non-reactjs application with a reactjs app and be able to access reactjs components and call their methods to execute actions or get information out of them, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes. 1. Pre-reqs Have node.js installed 2. Exposing React JS to Javascript or non-reactjs applications ...
Publicar un comentario
Leer más

How to copy files from and to a running Docker container

Sometimes you want to copy files to or from a container that doesn’t have a volume previously created, in this quick tips episode, you will learn how. Above is the vid and below you will find some useful notes. 1. Pre-reqs Have Docker installed 2. Start a Docker container For this video I will be using a Jenkins image as an example, so let’s first download it by using docker pull docker pull jenkins/jenkins:lts ...
Publicar un comentario
Leer más

Brighten Up Your AEM Assets: How to Configure Default Backgrounds and Transparent Modes in Adobe Dynamic Media

Introduction The Importance of a Good Background Defining Your Default Background in AEM Defining Your Default Background in Dynamic Media Classic Transparent Images with fmt=png-alpha Explicit Background Colors with ?bgc Final Thoughts Introduction Welcome to our deep dive into the wonderful world of image backgrounds! In this post, we're going to explore how to configure Dynamic Media Classic in Adobe Experience Manager (AEM) to not only define a default background image but also how to get your images to pop with ...
Leer más