Hello everyone! 😄
I hope everyone is doing well.
Automating stuff is always fun so why not XSS.
Pre-requisites: XSSCrapy
Workflow:-
Choose your target after installing the aforementioned program. Use the Privet Bounty program at "https://target.com" for testing.
The benefit of using this tool is that no endpoints or subdomains are required.
Time to on XSScrapy and start finding XSS.
Use this command for XSSCrapy
./xsscrapy.py -u https://target.com
Finally, here are the results.
payload detected
Now Let's Talk How You Can Prevent This
Web Application Firewall (WAF) is the greatest defence for an online application against any XSS attack.
In order to filter particular
online application material and defend against XSS, SQL Injection, File
Inclusion, and Security Misconfiguration threats, WAF is an automated
solution created using artificial intelligence and machine learning
algorithms.
Every time a user sends a request to the web server, the request first travels to the WAF, which filters it, and then the request is delivered to the web server. Similar rules apply to web servers as well. When a web server responds to a user, it first sends the response to a WAF, where it is filtered before being sent on to the user.
Thanks for reading!
Hope this was helpful.
Everyone have fun learning!
0 Comments