13 SERIOUS CROSS-SITE SCRIPTING EXPLOITATION
Love all, trust a few, do wrong to none.
–William Shakespeare, All’s Well That Ends Well
This chapter explores a website exploitation technique called cross-site scripting (XSS) that lets you run your own JavaScript in other users’ browsers when they visit a vulnerable site. Successful XSS attacks can block access to websites, steal cookies and credentials, and even compromise a user’s machine.
Once you’re comfortable identifying and performing XSS attacks manually, we’ll explore the Browser Exploitation Framework, which allows you to quickly inject JavaScript into a vulnerable site for a variety of ...