Cyber Security | Web Development

Step 1 : Download a certificate from below link      Download file: http://burpsuite/ Step 2: Modify format into .crt extension using burp suite app following below steps     Note:  Choose a downloaded certificate and Change the extension into .crt and save it.      Successfully exported cacert.crt format file now we have to move to emulator or devices      Installation certificate into emulator or device configuration      Move to cacert.crt file into emulator using drag and drop file into the screen      In setting  search Install certificate option                                                                                       ...

Lab 7: Reflected DOM XSS      Description: Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response.      Tool required: Burp Suite Step 1: UI View Step 2: In burp suite tool find a JSON file  Step 3: We have a JSON file restricted with eval() function. Step 4: To bypass eval() function using payload       \"-alert(1)}// Step 5: Result Lab 8: Stored DOM XSS      Description: In an attempt to prevent XSS , the website uses the JavaScript replace() function to encode angle brackets. However, when the first argument is a string, the function only replaces the first occurrence. We exploit this vulnerability by simply including an extra set of angle brackets at the beginning of the comment. These angle brackets will be encoded, but any subsequent angle brackets will be unaffected, enabling us to effectively bypass the filter and inje...

  Lab 1: Reflected XSS into HTML context with nothing encoded           Description:  This lab contains a simple  reflected cross-site scripting  vulnerability in the search function it reflected on the client-side. Step 1: UI view Step 2: Query pass in URL Step 3: Inject payload to get attack   Payload :   <script>alert(1)</script> Step 4: Result Lab 2: Stored XSS into HTML context with nothing encoded      Description:  This lab contains a  stored cross-site scripting  vulnerability in the comment functionality it is reflected on the server-side. Step 1: UI view Step 2: Inject payload in the Comment section and to get attack  Step 3: Go back to comment section   Lab 3: DOM XSS in document.write sink using source location.search      Description: This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. ...