Master The Xss(Cross Site Scripting) For Real World Apps

Other tutorials | dsgsd | 70 views | 0 comments

Published 6/2023
MP4 | Video: h264, 1280×720 | Audio: AAC, 44.1 KHz
Language: English | Size: 4.44 GB | Duration: 4h 51m

Learn to find, build, chain and exploit cross-site scripting in real world applications for bug bounty

What you’ll learn
Find XSS (Cross Site Scripting) in real world applications
Learn the manual and automated ways to find XSS with deeper analysis
Learn to make your own payloads and make a great impact on applications in different cases
Learn to chain different vulnerabilities with cross site scripting and make good impacts
Learn all the attacks possible with cross site scripting
Find multiple ways to bypass the restrictions
Learn from real world targets and quality labs

Requirements
You should know the basics of bug bounty, like vulnerabilities related to the OWASP Top 10
You should know the basics of Burp Suite and basic Linux commands
If you know the basics of programming, HTML, CSS or basic development, that will be great
You should know how to install tools like Burp Suite and Linux tools like waybacks, gau, gf etc.

Description
Cross Site Scripting is one of the known and important vulnerabilities in bug bounty. Cross site scripting has the ability to hijack user cookies and sessions and can possibly perform account takeover, but nowadays, due to increasing competition in bug bounty and more security in applications, it is hard to find XSS issues. We now have to rely on manual things rather than automation tools and scripts to find a better issue. In this course I have covered a lot of fresh content and things which will definitely be new and interesting for you. Other than account takeovers, I have covered other interesting attacks with XSS like keylogger attack, content manipulation attack and open redirection. Additionally, I have covered the session where I am showing how you can chain XSS with other vulnerabilities like file upload, IDOR etc.

From this course you will be able to learn:
Finding cross site scripting in real world applications
Learning how to build your own payloads for different types of attacks possible with cross site scripting
Understanding account takeovers via XSS, with understanding of cookies, session and localstorage and of the conditions required for account takeover
Learning how to chain XSS with other vulnerabilities like file upload, IDOR (Indirect object reference), subdomain takeover and CVEs
Learning how to exploit using other vulnerabilities like open redirection, keylogger and content manipulation attack
Learning to bypass different restrictions of secure applications
All the things are demonstrated via real targets and different lab resources

Upcoming videos for the course:
postMessage XSS
Some more examples of chaining
XSS preventions

Disclaimer: All the things demonstrated in the course are for education purposes only; don't use this in a malicious or bad way to harm any other organisation.

Overview
Section 1: Introduction

Lecture 1 Introduction about author

Lecture 2 Introduction to course

Section 2: Getting Started with XSS

Lecture 3 what is xss?

Lecture 4 Basic Javascript you need to know

Section 3: Types of XSS

Lecture 5 Reflected XSS

Lecture 6 Automation for reflected xss

Lecture 7 Stored XSS

Lecture 8 DOM XSS

Lecture 9 Automation for DOM XSS

Section 4: Account Takeover via XSS

Lecture 10 Cookies, session and localstorage basics

Lecture 11 Cookies/session/localstorage hijacking

Lecture 12 Account takeover in workflow

Section 5: Bypassing XSS restrictions

Lecture 13 bypassing using encoding

Lecture 14 sandbox, sandbox restriction bypass and bypassing the company fix

Section 6: Other great attacks if no account takeover is possible

Lecture 15 Open Redirection

Lecture 16 Keylogger attack (keyhijacking attack) and content manipulation attack

Lecture 17 looking all in real website with proper workflow

Section 7: Chaining XSS with other vulnerabilities and leveraging the net impact

Lecture 18 File upload to XSS

Lecture 19 XSS chained with IDOR

Lecture 20 XSS via CVE(Common Vulnerability Exploit)

Lecture 21 Subdomain Takeover to XSS

Section 8: Self XSS

Lecture 22 self xss, how to make self xss a valid reflected xss and ATO with self xss

Section 9: Automation(Recon) for xss

Lecture 23 Recon for xss

Section 10: Blind XSS

Lecture 24 blind xss

Beginners who are looking for more great resources for learning XSS
Intermediates who want to enhance their power of finding XSS vulnerabilities in real world applications
Advanced learners who are looking for more decent examples and scenarios
Anyone from the development side who wants to learn exploitation via cross site scripting
Bug bounty hunters
Pentesters
IT analysts
Risk analysts
Security Analysts
Developers
Security Engineers

