Live XSS Exploit: Using XSSFuzz to Break CSP on a Real Target!
Рет қаралды 2,492
Күн бұрынIn this video, I demonstrate how to exploit a live target using a powerful tool called XSSFuzz to uncover XSS vulnerabilities through a misconfigured CSP (Content Security Policy). Watch as I take you step-by-step through the process, revealing how XSSFuzz makes it easier to bypass security measures and find hidden vulnerabilities. By the end, you'll see a real-world XSS exploit in action, showing just how critical it is to have a properly configured CSP. Don't miss out on this thrilling demonstration of web security in action!
xssFuzz: github.com/Asp...
Previous Video: • Chaining Vulnerabiliti...
Finding XSS in 2024: • Bug Bounty: Best Way T...
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Covering The Under Rat...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/...
@BePracticalTech Күн бұрын
xssFuzz: github.com/Asperis-Security/xssFuzz/
@MustafaGains 7 сағат бұрын
This tool really helpful and time saving. it’s just give us a hint of weakness points in the CSP So that we can move forward to focus of this weakness to get an xss. ppl really dont even wanna read about the tool to understand what’s the tool purpose and what’s doing for us to use it correctly.
@haxonit 14 сағат бұрын
finally found a video where the youtuber is not saying to test out random payloads
@franciscomesquita2023 4 сағат бұрын
Very good" More videos on xss stored.
@Offended. 8 сағат бұрын
great content
@raghs3889 19 сағат бұрын
nice video... thank you very much
@abdulx01 14 минут бұрын
This is like generation base fuzzing. But its not enough to break sanitizer waf. You can add more mutation strategies.
@paramjeetsinghthiara1807 23 сағат бұрын
Great! 👍 Got to learn new technique
@BePracticalTech 23 сағат бұрын
I am glad!
@RajuHa-g3m 16 сағат бұрын
Make a video on dom base xss please
@uttarkhandcooltech1237 23 сағат бұрын
❤❤❤❤ love u bhai
@CyberSecHemmars 23 сағат бұрын
I was testing a web app and I injected a simple XSS alert(); but after reading the source, i noticed that the dangerous character were swapped with HTML escape character, for example "
@BePracticalTech 22 сағат бұрын
Generally they are considered to be safe! However there are certain scenarios where we can still get xss if the mitigation is weak or if it the value is reflecting in some interesting areas( like within a js code etc)
@vongochoanglam6328 12 сағат бұрын
can u rcm me the book or course tutorial for ctf web exploit
@musabsk 21 сағат бұрын
is it possible to test multiple urls at a time, kindly suggest
@BePracticalTech 20 сағат бұрын
@@musabsk I believe Asperis Security will release this feature in the next version!
@SecureByBhavesh Күн бұрын
First 🥇
@govindkumarjha2500 23 сағат бұрын
It accept payload like: ">alert(1) ???
@BePracticalTech 23 сағат бұрын
Yes
@Prince-zu5uj 23 сағат бұрын
Sir which vps u r using?
@BePracticalTech 22 сағат бұрын
Contabo
@akhilreddy9753 Күн бұрын
Should we do it by giving blind xss payload also
@BePracticalTech Күн бұрын
Please elaborate
@akhilreddy9753 Күн бұрын
@@BePracticalTech you are created you own server and add the path where you setup the T.txt file . Instead we also do like same thing in blind xss payload also . Like
@RajuHa-g3m 16 сағат бұрын
He want to say like he gives his blind xss payload and then check for xss but it doesn't make any sense he can try manually also for blind xss @@BePracticalTech
@lakshaygamerlt4032 20 сағат бұрын
give you xss payloads
@BePracticalTech 20 сағат бұрын
@@lakshaygamerlt4032 There are cusom payloads already present in the tool
@Max-mz3is 20 сағат бұрын
this tool doesn't work and not reliable at all try to run it against testphp it doesn't come up with basic xss such crap
@BePracticalTech 20 сағат бұрын
@@Max-mz3is As I have mentioned in the video, this tool is not your typical xss automation tool. It is more like fuzzing the xss payload's components like tags, events etc However, if you want to automate xss with this tool then you can use the xss payloads file and it will work without any issues. I would suggest you to watch the whole video and understand how to use this tool
BSides Ahmedabad
Рет қаралды 3,9 М.
BePractical
Рет қаралды 20 М.
The Cyberboy
Рет қаралды 88 М.