XSS Lightning talk

Post on 24-May-2015


Held at Open Space Århus March 2012

Transcript of XSS Lightning talk

Introduction to Cross Site Scripting 

Johnny Vestergaard <jkv@unixcluster.dk>
http://dk.linkedin.com/in/johnnykv

Lightning talk held at OSAA

March 2012

XSS - Cross Site Scripting

Worst name ever??

● Think of it as "JavaScript Injection".
  ○ (and ignore the haters)

● Injection of malicious JavaScript into a site with the intent of client-side execution.

● Three types: Reflected, Persistent and DOM based.
● We will focus on Persistent XSS tonight.

Safe website

Vulnerable website

Hey - it's just client side!

Having a client side party

● Possibilities
  ○ Host scanning of client-side LAN
  ○ Session takeover (cookie stealing)
  ○ Eavesdropping
    ■ Keylogging
    ■ Events
  ○ Complete control of the page
● Limitations
  ○ Confined to the browser
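To make the "Vulnerable website" slide and the session-takeover bullet concrete, here is an added example (not from the talk or its demos): a minimal comment renderer in which a stored comment is concatenated straight into the page, next to the escaped version, plus the HttpOnly flag that keeps a session cookie out of reach of injected script. The comments, the `escapeHtml` helper and the cookie header are constructed for this illustration and run under Node.js.

```javascript
// Constructed sample: two comments as they might sit in a database. The
// second one is what a persistent XSS submission looks like (benign marker).
const storedComments = [
  { author: "alice", body: "Nice talk!" },
  { author: "mallory", body: '<script>alert("xss")</script>' },
];

// Vulnerable: untrusted text is dropped directly into the HTML, so any
// <script> or event-handler attribute in it runs in every visitor's browser.
function renderCommentUnsafe(comment) {
  return `<li><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every untrusted field is escaped at the point it enters HTML.
function renderCommentSafe(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

function renderPage(comments, render) {
  return `<ul>${comments.map(render).join("")}</ul>`;
}

// Defence in depth against the cookie-stealing demo: a cookie flagged
// HttpOnly is never exposed through document.cookie, so even a successful
// injection cannot read the session id (hypothetical cookie name "session").
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Quick detection check: does the rendered HTML contain a live <script> tag?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

console.log("unsafe:", renderPage(storedComments, renderCommentUnsafe));
console.log("safe:  ", renderPage(storedComments, renderCommentSafe));
console.log("Set-Cookie:", sessionCookieHeader("abc123"));
```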

Demo

● Keylogger using metasploit

● Cookie stealer with python backend

Demo #1 - Keylogger with metasploit

Demo #2 - The Cookie Monster

https://gist.github.com/1968842

Do it yourself - Whitehat style

● Backtrack 5
  ○ http://www.backtrack-linux.org/

● OWASP Broken Web Applications Project
  ○ VMware image with broken web apps
  ○ http://bit.ly/yNsF9K

● Cookie Monster
  ○ http://gist.github.com/1968842

● Slides
  ○ http://www.slideshare.net/JohnnyKV/