This article discusses XSS attacks beyond the reflected and persistent types. It is intended to provide a broader view of what is possible with these attacks, as well as the conditions under which they occur. It also explores the operation of the XSSer tool for launching attacks of this type.
Cross Site Scripting (XSS)
- XSS vulnerabilities encompass any attack that allows scripting code to be executed in the context of another website.
- They can be found in any application whose final objective is to present the information in a web browser.
- Usually, the input data that is used in some applications is not correctly validated, allowing a malicious script to be sent to the application.
- To work, they need an entry point, which is usually a form.
- Through an XSS attack, you can hijack accounts, change user settings, access restricted parts of the site, modify site content, etc.
Types of XSS attacks
Direct Attacks
- The direct XSS attack (also called persistent XSS) occurs when the attacker manages to embed malicious HTML code directly in websites that allow it.
- It works by locating weaknesses in the programming of HTML filters, if they exist, to publish content.
- This type of attack is usually the most common, and the code of the attacker is based on HTML tags (of the type or
- The result shows a window with the text "hello-world".
- This vulnerability is usually used for session theft and phishing.
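The persistent case described above, seen from the rendering side, as an added example (not from the original article or from XSSer): a template that concatenates stored input next to one that encodes it on output, plus a check that lists any markup a stored value managed to introduce. The function names, the `<li title=...>` template and the sample inputs are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs, as a visitor might submit them to a comment form.
SAMPLE_COMMENT = '<script>alert("hello-world")</script>'
SAMPLE_AUTHOR = 'bob" class="x'   # tries to close the attribute and add another

def render_unsafe(author: str, comment: str) -> str:
    """Vulnerable: stored text is concatenated into the page as markup."""
    return f'<li title="{author}">{comment}</li>'

def render_encoded(author: str, comment: str) -> str:
    """Hardened: encode for the HTML context at output time.
    quote=True also encodes " and ', which the attribute value requires."""
    return (f'<li title="{html.escape(author, quote=True)}">'
            f'{html.escape(comment, quote=True)}</li>')

class _TagCollector(HTMLParser):
    """Records every element and attribute name a parser sees in the output."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)

def injected_markup(rendered: str) -> list:
    """Return tags/attributes beyond the template's own <li title=...>.
    An empty list means the stored values stayed inert text."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    extra = [t for t in parser.tags if t != "li"]
    extra += [a for a in parser.attrs if a != "title"]
    return extra

if __name__ == "__main__":
    for render in (render_unsafe, render_encoded):
        out = render(SAMPLE_AUTHOR, SAMPLE_COMMENT)
        print(render.__name__, "->", injected_markup(out) or "no injected markup")
```

The same `injected_markup` check can be run as a regression test against any template that renders stored user input.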
XSSer is a framework that allows you to:
- Detect vulnerabilities of type XSS
- Exploit these vulnerabilities locally or remotely.
- Report in real time the vulnerabilities found.
Its main features include:
- Graphic interface
- Support for GET and POST (this is important since in tools treated in previous articles only injections with GET could be performed).
- Heuristic analysis
- Preconfigured Exploits
- Export options
- Different bypassers to evade filters
Types of injections allowed:
- Classic XSS (code execution in an embedded script)
- Cookie Injection
- Cross Site “Agent” Scripting
- Cross Site “Refer” Scripting
- Injections in “Data Control Protocol” and “Document Object Model”
- HTTP Response Splitting Induced
EXAMPLES OF USE
- Basic injection
xsser -u "victima.com"
- Automatic injection (test all vectors)
xsser -u "victima.com" --auto
- Injection with custom payload
xsser -u "victima.com" --payload="> "
- Local exploitation
xsser -u "victima.com" --Fp=" "
- Remote exploitation
xsser -u "victima.com" --Fr=" "
- Dorking use
xsser -d "inurl:admin/echo" --De "google" --Fp=" "
- Use of a proxy and HTTP Referer header spoofing
xsser -u "victima.com" --proxy "http://localhost:8118" --refer "666.666.666.666"
- Use of hexadecimal encoding
xsser -u "victima.com" --Hex
- Multiple injection with 5 threads and encoding with mutation
xsser -u "victima.com" --Cem --threads "5"
- Use of crawler with depth 3 and 4 pages
xsser -u "victima.com" -c3 --Cw=4
- Exploitation through POST
xsser -u "victima.com" -p "target_host=name&dns-lookup-php-submit-button=Lookup+DNS"
XSSER GTK
It is a somewhat more intuitive way to use XSSer.
The tool starts with:
Thanks to the “Wizard Helper”, guided operation can be carried out much more easily than from the command line.