Python Ethical Hacking - VULNERABILITY SCANNER(5)
EXPLOITATION - XSS VULNS
XSS - CROSS SITE SCRIPTING VULNS
- Allow an attacker to inject javascript code into the page.
- The code is executed when the page loads.
- The code is executed on the client machine, not the server.
Three main types:
1. Persistent/Stored XSS.
2. Reflected XSS.
3.DOM-based XSS
DISCOVERING XSS
- Try to inject javascript code into the pages.
- Test text boxes and URL parameters on the form
- http://target.com/page.php?something=something
REFLECTED XSS
- None persistent, not stored.
- Only work if the target visits a specially crafted URL
- http://target.com/page.php?something=<script>altert("XSS")</script>
STORED XSS
- Persistent, stored on the page or DB.
- The injected code is executed every time the page is loaded.
Python Ethical Hacking - VULNERABILITY SCANNER(5)的更多相关文章
- Python Ethical Hacking - VULNERABILITY SCANNER(9)
Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...
- Python Ethical Hacking - VULNERABILITY SCANNER(7)
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...
- Python Ethical Hacking - VULNERABILITY SCANNER(4)
Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...
- Python Ethical Hacking - VULNERABILITY SCANNER(2)
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...
- Python Ethical Hacking - VULNERABILITY SCANNER(8)
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully ...
- Python Ethical Hacking - VULNERABILITY SCANNER(3)
Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...
- Python Ethical Hacking - VULNERABILITY SCANNER(1)
HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...
- Python Ethical Hacking - VULNERABILITY SCANNER(6)
EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...
- Python Ethical Hacking - BACKDOORS(8)
Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...
随机推荐
- android面试详解
前台就是和用户交互的进程 可见进程例如一个activity被一个透明的对话框覆盖,该activity就是可见进程 服务:service进程 后台一个activity按了home按键就是从前台退回到后台 ...
- android 中使用自定义权限
1.如果在一个进程中启动另外一个进程的activity <?xml version="1.0" encoding="utf-8"?> <man ...
- java多线程并发执行demo,主线程阻塞
其中有四个知识点我单独罗列了出来,属于多线程编程中需要知道的知识: 知识点1:X,T为泛型,为什么要用泛型,泛型和Object的区别请看:https://www.cnblogs.com/xiaoxio ...
- 计算机网络之HTTPS协议
• HTTPS协议是以安全为目的的HTTP通道,比单纯的HTTP协议更安全,相当于HTTP的升级版.• HTTPS的安全基础为SSL,就是在HTTP下加入SSL层,意思是HTTPS通过安全传输机制进行 ...
- Selenium Grid的原理、配置与使用(转)
Selenium GridSelenium Grid在前面介绍Selenium的时候说过它有三大组件,Selenium Grid就是其中之一而作用就是分布式执行测试.讲分布式之前还是要说说UI自动化的 ...
- 入门大数据---Hive是什么?
这篇文章主要介绍Hive的概念. 简介: Hive中文名叫数据仓库管理系统,之前我们操作MapReduce必须通过编写代码或者通过特殊命令来实现,有了Hive我们通过常用的SQL语句就能操作MapRe ...
- 入门大数据---Hbase 过滤器详解
一.HBase过滤器简介 Hbase 提供了种类丰富的过滤器(filter)来提高数据处理的效率,用户可以通过内置或自定义的过滤器来对数据进行过滤,所有的过滤器都在服务端生效,即谓词下推(predic ...
- 基于jQuery的打字机函数
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
- jquery入门(1)
1.jQuery简介 jQuery是一个快速.简洁的JavaScript框架,倡导写更少的代码,做更多的事情 jquery官方网站 jquery中文文档 1.1.简单函数封装 根据id.类名称来获取元 ...
- stm32存储器映像和标准库中定义外设地址的方法
结合存储器映像理解stm32标准库中定义外设地址的方法. stm32f103zet6是32位的.它所能访问的地址空间范围为2^32=4GB,把4GB分为8个block,分别为block0-block- ...