Live XSS Exploit: Using XSSFuzz to Break CSP on a Real Target!

2,267 views

BePractical

A day ago

In this video, I demonstrate how to exploit a live target using a powerful tool called XSSFuzz to uncover XSS vulnerabilities through a misconfigured CSP (Content Security Policy). Watch as I take you step-by-step through the process, revealing how XSSFuzz makes it easier to bypass security measures and find hidden vulnerabilities. By the end, you'll see a real-world XSS exploit in action, showing just how critical it is to have a properly configured CSP. Don't miss out on this thrilling demonstration of web security in action!
xssFuzz: github.com/Asp...
Previous Video: • Chaining Vulnerabiliti...
Finding XSS in 2024: • Bug Bounty: Best Way T...
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Covering The Under Rat...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/...

Comments: 30
@BePracticalTech 20 hours ago
xssFuzz: github.com/Asperis-Security/xssFuzz/
@MustafaGains 3 hours ago
This tool is really helpful and time saving. It just gives us a hint of the weak points in the CSP so that we can move forward and focus on these weaknesses to get an xss. People really don't even want to read about the tool to understand what the tool's purpose is and what it's doing for us, in order to use it correctly.
@haxonit 10 hours ago
finally found a video where the youtuber is not saying to test out random payloads
@franciscomesquita2023 17 minutes ago
Very good! More videos on xss stored.
@Offended. 4 hours ago
great content
@raghs3889 14 hours ago
nice video... thank you very much
@paramjeetsinghthiara1807 19 hours ago
Great! 👍 Got to learn new technique
@BePracticalTech 19 hours ago
I am glad!
@RajuHa-g3m 12 hours ago
Make a video on dom base xss please
@uttarkhandcooltech1237 19 hours ago
❤❤❤❤ love u bhai
@CyberSecHemmars 18 hours ago
I was testing a web app and I injected a simple XSS alert(); but after reading the source, I noticed that the dangerous characters were swapped with HTML escape characters, for example "
@BePracticalTech 17 hours ago
Generally they are considered to be safe! However, there are certain scenarios where we can still get xss if the mitigation is weak or if the value is reflecting in some interesting areas (like within a js code etc.)
@vongochoanglam6328 8 hours ago
can u rcm me the book or course tutorial for ctf web exploit
@musabsk 16 hours ago
is it possible to test multiple urls at a time, kindly suggest
@BePracticalTech 15 hours ago
@@musabsk I believe Asperis Security will release this feature in the next version!
@govindkumarjha2500 18 hours ago
It accept payload like: ">alert(1) ???
@BePracticalTech 18 hours ago
Yes
@SecureByBhavesh 20 hours ago
First 🥇
@Prince-zu5uj 18 hours ago
Sir which vps u r using?
@BePracticalTech 17 hours ago
Contabo
@akhilreddy9753 19 hours ago
Should we do it by giving blind xss payload also
@BePracticalTech 19 hours ago
Please elaborate
@akhilreddy9753 19 hours ago
@@BePracticalTech You created your own server and added the path where you set up the T.txt file. Instead, we can also do the same thing with a blind xss payload. Like
@RajuHa-g3m 12 hours ago
He wants to say, like, he gives his blind xss payload and then checks for xss, but it doesn't make any sense; he can also try manually for blind xss @@BePracticalTech
@lakshaygamerlt4032 15 hours ago
give you xss payloads
@BePracticalTech 15 hours ago
@@lakshaygamerlt4032 There are custom payloads already present in the tool
@Max-mz3is 16 hours ago
This tool doesn't work and is not reliable at all. Try to run it against testphp; it doesn't come up with basic xss. Such crap.
@BePracticalTech 15 hours ago
@@Max-mz3is As I have mentioned in the video, this tool is not your typical xss automation tool. It is more like fuzzing the xss payload's components like tags, events etc. However, if you want to automate xss with this tool then you can use the xss payloads file and it will work without any issues. I would suggest you watch the whole video and understand how to use this tool.