
How to test your application for XSS vulnerabilities using XSStrike

When testing an application for XSS vulnerabilities, it can be hard to come up with a successful attack and to try multiple alternatives by hand. A tool like XSStrike can automate this; in this quick tips episode, you will learn how. The video is above, and below you will find some useful notes.
  1. Pre-reqs

    • Have Node.js installed for the sample app
    • Have Docker installed
  2. Using XSStrike

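    • Create the Dockerfile with XSStrike
      # Anaconda base image provides Python and conda
      FROM continuumio/anaconda3
      
      WORKDIR /workdir
      
      # Refresh the package index so unzip can be found
      RUN apt-get update && apt-get install -y unzip
      
      # Downloads the current master branch of XSStrike
      ADD https://github.com/s0md3v/XSStrike/archive/master.zip ./
      
      RUN unzip master.zip && \
          rm master.zip
      
      # -y skips the confirmation prompt, since docker build has no interactive input
      RUN conda config --append channels conda-forge && \
          conda install -y fuzzywuzzy requests
      
      ENTRYPOINT ["python", "./XSStrike-master/xsstrike.py"]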
      
    • Build the image
      docker build -t xsstrike .
      
    • Run xsstrike to check options
      docker run -it --rm --name xsstrike xsstrike
      
    • Run xsstrike to test against the vulnerable app from the video
      docker run -it --rm --name xsstrike xsstrike -u "http://192.168.99.1:3000/?name=testing"
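
The scan above targets a page that echoes the `name` query parameter. As an added example (not the sample app's code from the video; the handler shape and every function name here are assumptions), this shows a reflecting renderer beside its escaped form, plus a regression check that a marker with HTML metacharacters is not returned unencoded:

```javascript
// Added example. The handler shape and all names are assumptions, not the
// sample app's code from the video.

// Read the `name` query parameter the way the scanned URL supplies it.
function nameFrom(requestUrl) {
  return new URL(requestUrl, 'http://localhost').searchParams.get('name') || '';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Reflecting form: the parameter is concatenated into the page unchanged.
function renderVulnerable(requestUrl) {
  return `<h1>Hello ${nameFrom(requestUrl)}</h1>`;
}

// Hardened form: the same page with the value encoded for its HTML context.
function renderHardened(requestUrl) {
  return `<h1>Hello ${escapeHtml(nameFrom(requestUrl))}</h1>`;
}

// Request handler for http.createServer(handler), using the hardened renderer.
function handler(req, res) {
  res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
  res.end(renderHardened(req.url));
}

// Regression check: send an inert, constructed marker containing HTML
// metacharacters and report whether it comes back unencoded.
function reflectsRawMarkup(render) {
  const marker = '<i data-probe="x">';
  const body = render('/?name=' + encodeURIComponent('testing' + marker));
  return body.includes(marker);
}

console.log('vulnerable reflects raw markup:', reflectsRawMarkup(renderVulnerable));
console.log('hardened reflects raw markup:  ', reflectsRawMarkup(renderHardened));
```

`escapeHtml` covers values placed in HTML text or quoted attributes; values placed in script blocks, URLs or CSS need encoding specific to that context.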
      