September 2018
Intermediate to advanced
426 pages
10h 46m
English
Content preview from Mastering Python for Networking and Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Testing Cross-site scripting (XSS)
Cross-site scripting is a type of injection attack that occurs when attack vectors are injected in the form of a browser-side script.
To test whether a website is vulnerable to XSS, we could use the following script where we read from an XSS-attack-vectors.txt file that contains all possible attack vectors. If, as a result of making a request to the site to analyze together with the payload, we obtain is the same information sent by the user that is shown again to the user, then we have a clear case of vulnerability.
You can find the following code in the URL_xss.py file in the XXS folder:
import requestsimport sysfrom bs4 import BeautifulSoup, SoupStrainerurl = 'http://testphp.vulnweb.com/search.php?test=query' ...