XSS – Cross Site Scripting

BeeF Framework

BeeF is native in Kali and is a browser exploitation framework.

From the vulnerable website insert below javascript to connect to BeeF hook on attack host.

As XSS is a Client Side attack, most useful on persistent / stored XSS, e.g. Messageboards, Forums.

4 examples:

XSS Examples

Test for reflected XSS.

Display / write out cookies.

Drop users cookies on attacker webservice.