A keylogging script that can be injected into websites vulnerable to cross-site scripting. The script tracks user keypresses by concatenating each keypress into a string that is POSTed to a server. The script can be found in file keylogscript.html and can be tested on file captainslog.html. The POST request is currently commented out, but if … Read more
Play Music HTML5 Audio XSS Payload The script below allows you to share your favorite mp3 through your target browser. Let’s assume the XSS payload was injected into a web page that supports unrestricted HTML an mp3 audio file would then play to the visitors of the compromised web page. if(document.getElementById(‘xss_audio’) == null ) { … Read more
How to Hack Web Browsers Using BeEF (The Browser Exploitation Framework) What is BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual … Read more
Welcome back today we will talk about Injecting some malicious XSS code into a Image. We will be using Kali Linux for this tutorial however you can use an operating system of your choice. We recommend using Linux. If you don’t already have Linux you can download Kali Linux from here. Cross Site Scripting is … Read more