Forum Thread: How to Add My Script in XSS Attack?

I was going through XSS tutorials to be more specific the non-persistent one, and almost got a general idea on how the attack function , when i came down to practice it, one part wasn't able to get through my head, it may be a stupid question, but i actually don't know!

if the location of the malicious JS code is supposed to be brought online, or should i just provided the location of it in my directory,or what?

most tutorials that I've encountered didn''t cover this or maybe i skipped something!
for example say that i have a script.py in my Desktop, how do i move the actual thing?

2 Responses

The malicious JS code must be online, or it will be impossible for the target to reach it. This can be done by either renting a web hosting service, or on your own local apache webserver.

If you port forward your apache webserver, you'll be able to use it on WAN aswell.

-Phoenix750

thank you , just One more thing if apache is for hosting web service, why didn't i see any inclination of it on beEf tuts !! thanks again:)

Share Your Thoughts

  • Hot
  • Active