1.2 What is XSS, Types of XSS, and Prevention

00:00

Hi, everyone. Welcome back to the course. So in the last video, we talked about the overall course objectives. So we talked about that. We're gonna learn what crossing scripting is. We'll also talk about the different types of cross site scripting, and we're gonna have some hands on labs. We also talked about the core structure in general. So again, there supplement of resource is for you. Make sure you click on the resource is tap and download those.

00:18

And then we went over my background. Is your instructor

00:21

in this video where to go ahead and talk about will Cross site scripting is as well as the different forms of it.

00:28

So quick pre assessment question here. Ah, penetration tester runs a following and map command against the client systems. What's the purpose of this command? And I'll give you a hint that there's a hint in this particular command.

00:39

So it's gonna be a this command. Carl's websites with Google Spider on Port 80.

00:43

It's gonna be be this command runs a denial of service and Web attack using cross site scripting. Is it gonna be? See this command test for Dom base cross site scripting vulnerabilities Or is it gonna be D? This command runs a Power shell script against Traffic Import 80.

01:00

All right. As I mentioned, there was a hint in it. So if you see there where we run the script, it says, Don base. So that was your hint right there that we were looking for Dom Base, which is Answer C.

01:10

So if he kills Answer. See, you are correct.

01:14

So are learning objectives for this video. We're gonna learn what cross ex scripting is. We'll talk about what it is. Well said. I learned the different types of cross site scripting.

01:23

So what is cross site scripting? Well, generally speaking, it's usually client signed. Reflected as well. Talk about a little bit is the more common version of it. But there is a stored version of it that someone could, for example, take over a Web page or take over the Web server and inject malicious code. And that way, every single person coming to that page will get reinfected.

01:44

So, as I mentioned, a script is generally run. It's normally is targeted towards browsers, so that again the most common format you'll see and specifically trying to steal like cookies or session tokens and a tool that we're gonna use actually, in our one of our labs is gonna be a tool called Beef Will use that briefly

02:00

and again plugging Joe periods. You'll see that I plugged him several times throughout this course.

02:06

He's got a breaking stuff with Joe Siri's video on beef, so make sure you check that out as well in the catalog.

02:10

Now, before we jump into the different types of cross site scripting, I just want to mention

02:16

I want to show you a quick article regarding Attackers doing this on eBay. So what they did is they did cross site scripting attacks inside of eBay listings. This kind of an older article, but the is probably still out there and use an eBay just hasn't found it yet. I'm actually shocked that people still use today, but

02:36

I think a lot of people out there still do. I'm just one that doesn't so let's jump in to take a look at that real quick, and then we'll move on with talking about the different types of cross eyed scripting.

02:45

All right, so here's the article by Net craft again, it's it's talking about a little older thing is talking about it back in 2017. But as you as you probably know, many Attackers are still using old stuff and still exploiting stuff. So I would imagine that eBay still has his vulnerability in some capacity and it's still being exploited. We just are not aware of it.

03:05

So basically, you could read through the article I've elected in the supplement of resource is section for you. But essentially, Attackers were using cross site scripting and putting out listings s o that way as you as a user. As you clicked on the listings. Who would infect you with the cross? That scripting attack so you can scroll through the article, read through it. We're not going to read through it here. I just want to briefly show you this as one example.

03:23

I've been also some older examples as well. Across site scripting, you think about like the Sony attack

03:28

and stuff like that. We've got many examples out there, of course, site scripting into use. So again, it's pretty popular attack, as far as a reflected aspect of it stored is ah more dangerous formals kind of talk about that as well. And then Don based is not as common again in just a little bit. Will be talking about those.

03:46

All right, So now let's talk about the different types of cross site scripting, so we have stored. Or as it's more commonly called persistent, we also have reflected, which again, is the most common one. And then Dom based

03:57

so stored across the scripting is again the most dangerous one. So this one's gonna keep re infecting s, oh, kind of like some STDs or if you don't know what that is, sexually transmitted diseases. Some of those keep re infecting people so similar to something like that, not, as you know, not as dangerous to a human body.

04:15

Definitely dangerous to computer body

04:17

in that aspect. So they keep re affecting you. So, for example, like a Web page might be affected or Web server and you keep going to that and every single person going to that gets infected,

04:28

you'll find this commonly, like our forums,

04:31

that sort of stuff. You'll find a lot of these types of the stored excess s attacking like different forums and again when pages that are compromised

04:42

reflected cross end scripting as I mentioned before. It's the most common form simply because a lot of times they're just changing the Earl s o for you. See an example here where we change the last part of the U. R l to add in the script of whatever we want to run. Now this one obviously is just gonna jump up and alert box that tells us you've been attacked,

04:59

but otherwise it could be infecting our machine. The downside of that is from an attacker standpoint, Is

05:04

wants to use her, like, closes that Web page or clears her cookies.

05:09

I don't have that attack anymore, right? They have to, you know, I have to re attack them. That's where store it comes into play because we can keep re infecting them no matter what they do, right. If they clear their cookies, other browser, they're still gonna come get attacked.

05:20

And then Dobby basis is not is common

05:25

just because it takes a little more work and also because things like for it za Java script thing. But for example, like angular Js, it's got built in production against on base attacks, so you'll see that more recent websites or updated with states are not necessarily gonna be is vulnerable to this type of attack.

05:44

So how do we prevent it? Well, we could separate on trusted data. So you know the client side input data, the script, basically, that's that's going to be running. If that's not validated, then that's what basically allows the attack to occur. So if we separate that untrusted data and say, Wait a minute, you know, we don't know what this is

06:01

they did not run it. Then we could potentially prevent against this type of attack. Also, as I mentioned, using frameworks that escape across that script ings with frameworks with built in protection, like angular dot yes, also escaping on trusted http requests clearing our cookies get for reflected cross site scripting attacks that will help with that

06:21

and that you're developing a conscience security policy.

06:26

So a court post assessment question here David's concerned about cross site scripting attacks and understands that cross that scripting attacks are typically targeted towards which of the following.

06:34

I want you to choose the best answer here because there are several answers that could be correct, which used the best one of these. So it's gonna be a

06:42

you know, clients. Be users. See cookies or D Web browsers.

06:47

If you guessed answer D Web browsers, you are correct. So again, cross that certain scripting attacks are typically targeted towards Web browsers in some capacity. But you'll notice there that we could have answered cookies for user's. Those were both kind of correct, but the best answer there was Web browsers.

07:04

All right, so in this video, we just briefly talked about what cross site scripting is. We talked about the different types of cross site scripting as well as some different ways, and we could potentially prevent against cross site scripting attacks