
How to test your application for XSS vulnerabilities using XSStrike

When testing an application for XSS vulnerabilities, it can sometimes be hard to come up with a successful attack and to test multiple alternatives. A tool like XSStrike can automate this, and in this quick tips episode you will learn how. Above is the vid and below you will find some useful notes.
  1. Pre-reqs

    • Have node.js installed for the sample app
    • Have Docker installed

  2. Using XSStrike

    • Create the Dockerfile with XSStrike
      FROM continuumio/anaconda3
      
      WORKDIR /workdir
      
      # Refresh the package index first, otherwise unzip may not be found
      RUN apt-get update && apt-get install -y unzip
      
      # Download the XSStrike sources from GitHub
      ADD https://github.com/s0md3v/XSStrike/archive/master.zip ./
      
      RUN unzip master.zip && \
          rm master.zip
      
      # -y answers the confirmation prompt, which cannot be answered during a build
      RUN conda config --append channels conda-forge && \
          conda install -y fuzzywuzzy requests
      
      ENTRYPOINT ["python", "./XSStrike-master/xsstrike.py"]
      
    • Build the image
      docker build -t xsstrike .
      
    • Run XSStrike to check options
      docker run -it --rm --name xsstrike xsstrike
      
    • Run XSStrike to test against the vulnerable app from the video
      docker run -it --rm --name xsstrike xsstrike -u "http://192.168.99.1:3000/?name=testing"
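
The scan above needs a target that reflects the `name` parameter, and a finding needs a fix you can verify. As an added example (not the app from the video, whose code is not on this page), this Node.js code shows a handler that reflects `name` unencoded beside a hardened version, plus a reflection check usable as a regression test; all function names, the markup and the probe value are assumptions.

```javascript
// Added example: constructed stand-in for a page that reflects ?name=.
// Function names and markup are assumptions, not taken from the video.

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query value is concatenated into the markup as-is.
function renderVulnerable(name) {
  return `<!doctype html><h1>Hello ${name}</h1>`;
}

// Hardened: same page, value encoded for the HTML text context.
function renderHardened(name) {
  return `<!doctype html><h1>Hello ${escapeHtml(name)}</h1>`;
}

// Pull ?name= out of a request URL and render it with the given renderer.
function handle(requestUrl, render) {
  const name = new URL(requestUrl, 'http://localhost').searchParams.get('name') ?? '';
  return render(name);
}

// Regression check: does the response contain the probe byte-for-byte?
function reflectsUnencoded(body, probe) {
  return body.includes(probe);
}

// Constructed probe: harmless markup that must never come back unencoded.
const PROBE = '<b id="probe">x</b>';
const probeUrl = '/?name=' + encodeURIComponent(PROBE);

console.log('vulnerable reflects probe:', reflectsUnencoded(handle(probeUrl, renderVulnerable), PROBE));
console.log('hardened reflects probe:  ', reflectsUnencoded(handle(probeUrl, renderHardened), PROBE));

// `node app.js serve [vulnerable]` listens on port 3000 so the docker run
// command above can be pointed at it; the hardened renderer is the default.
if (process.argv[2] === 'serve') {
  const render = process.argv[3] === 'vulnerable' ? renderVulnerable : renderHardened;
  import('node:http').then(({ createServer }) => {
    createServer((req, res) => {
      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
      res.end(handle(req.url, render));
    }).listen(3000);
  });
}
```

Saved as `app.js` (an assumed filename), start it with `node app.js serve vulnerable` and scan it with the `docker run` command above, adjusting the host address to wherever the app is reachable from the container. Then restart it without `vulnerable` and scan again to confirm the finding is gone.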
      