最新消息:请大家多多支持

Master The Xss(Cross Site Scripting) For Real World Apps

其他教程 dsgsd 79浏览 0评论

Published 6/2023
MP4 | Video: h264, 1280×720 | Audio: AAC, 44.1 KHz
Language: English | Size: 4.44 GB | Duration: 4h 51m

Learn to Find,Build,Chain,Exploit Cross-Site scripting in real world applications for bug bounty

What you’ll learn
Find XSS(Cross Site Scripting) on real world applications
Learn the manual and automated ways to find xss with deeper analysis
Learn to make own payloads and impart great impact in different cases to applications
Learn to chain different vulnerabilities with cross site scripting and make good impacts
Learn all the attacks possible with cross site scripting
Find multiple ways to bypass the restrictions
Learning from real world targets and quality labs

Requirements
You should know basics of bug bounty like vulnerabilities related to OWASP TOP 10
You should know basics of Burpsuite,basic linux commands
If you know basics of programming ,HTML , css or basic development then it will be great
should know the installation of tools like burpsuite,linux tools like waybacks,gau,gf etc

Description
Cross Site Scripting is one of known and important vulnerability in Bug bounty , cross scripting as ability to hijack user cookies and session and can possibly perform account takeover but now a days due to increasing competition in bug bounty and more security in applications it is hard to find xss issues we now have to rely on manual things rather than automation tools,scripts to find a better issue,in this course i have covered lot of fresh content and things which will be definately new and interesting for you.other than account takeovers i have covered other interesting attacks with xss like keylogger attack,content manipulation attack, open redirection.Additionally i have covered the session where i am showing how you can chain xss with other vulnerabilities like file upload, IDOR etc.From this course you will be able to learn Finding cross site scripting in real world applicationLearning how to build own payloads for different types of attacks possible with cross site scriptingunderstanding account takeovers via xss with understanding cookies,session,localstorage and understanding conditions required for account takeoverLearning how to chain different vulnerabilities with xss with other vulnerabilities like file upload,IDOR(Indirect object reference),subdomain takoever,CVEsLearning how to exploit using other vulnerabilities like open redirection,keylogger and content manipulation attackLearning to bypass different restrictions of secure applicationall the things are demonstrated via real targets and different labs resourcesUpcoming videos for the course:postmessage xsssome more examples of chainingxss preventionsDisclaimer : All the things demonstrated in the course is for education purpose only don’t use this malicious or bad way to harm any other organisation

Overview
Section 1: Introduction

Lecture 1 Introduction about author

Lecture 2 Introduction to course

Section 2: Getting Started with XSS

Lecture 3 what is xss?

Lecture 4 Basic Javascript you need to know

Section 3: Types of XSS

Lecture 5 Reflected XSS

Lecture 6 Automation for reflected xss

Lecture 7 Stored XSS

Lecture 8 DOM XSS

Lecture 9 Automation for DOM XSS

Section 4: Account Takeover via XSS

Lecture 10 Cookies, session and localstorage basics

Lecture 11 Cookies/session/localstorage hijacking

Lecture 12 Account takeover in workflow

Section 5: Bypassing XSS restrictions

Lecture 13 bypassing using encoding

Lecture 14 sandox , sandbox restriction bypass and bypassing the company fix

Section 6: Other great attacks if no account takeover is possible

Lecture 15 Open Redirection

Lecture 16 Keylogger attack (keyhijacking attack) and content manipulation attack

Lecture 17 looking all in real website with proper workflow

Section 7: Chaining XSS with other vulnerabilities and leveraging the net impact

Lecture 18 File upload to XSS

Lecture 19 XSS chained with IDOR

Lecture 20 XSS via CVE(Common Vulnerability Exploit)

Lecture 21 Subdomain Takeover to XSS

Section 8: Self XSS

Lecture 22 self xss , how to make self xss a valid reflected xss and ATO with self xss

Section 9: Automation(Recon) for xss

Lecture 23 Recon for xss

Section 10: Blind XSS

Lecture 24 blind xss

Beginners who are looking for more great resource for learning xss,Intermediates who want to enhance power of finding xss vulnerabilities in real world applications,Advance who are looking for more decent examples and scenerios,Anyone from development side want to learn the exploitation via cross site scripting,Bugbounty hunters,Pentesters,IT analysts,Risk analysts,Security Analysts,Developers,Security Engineers


Password/解压密码www.tbtos.com

资源下载此资源仅限VIP下载,请先

转载请注明:0daytown » Master The Xss(Cross Site Scripting) For Real World Apps

您必须 登录 才能发表评论!