Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson continues to cover XSS and focuses on XSS with VEGA. Participants receive step by step instructions in how to turn on XSS injection checks to perform a scan.

Video Transcription

00:04
welcome to cyber ery. I'm Raymond Evans. I will be your subject matter expert for Cyber Aires web at penetration testing course. In this section, we will be discussing discovering cross site scripting so it will be covered. Well, we're gonna be discussing
00:20
discovering cross site scripting with tools and and discovering cross site scripting manually.
00:24
So the first tool that we will be discussing as cross site scripting with Vega I showed you sequel injection Discovery with Vegas. So now I'm gonna cover some cross the scripting discovery with big as well. So here we are in our Kelly environment
00:40
we're gonna have to do is go up to applications. We have application analysis and you're going to start big up. Now, remember, it does take a second for Vega toe pop up. So you gotta stick with it and ah,
00:52
let it do its thing.
00:54
All right, so here we have big up. We see some of the results from our previous scan up here still populated.
01:00
So let's go to scam start a new scan.
01:04
And are you Earl for our page was 192
01:11
that 168
01:12
dad 0.11
01:18
Gonna click next on here
01:21
now you will want to. If you do have the old results in, you will want to include the previous discovered paths. Form the Web model,
01:30
turn everything off again, and then we're gonna come through Margo, turn on cross a scripting injection check here,
01:42
come down here.
01:45
Make sure we got everything. If there's any other cross site scripting here,
02:07
no, unless he would be everything. Press says it next
02:10
again. If we had some kind of identity, we would like to use where we could do that next, again
02:16
and again. If there's any kind of parameters you want to exclude, you will put them here. So it's finish
02:22
Ban. Let's let it run its skin here
02:27
and we see the scan has started identifying some vulnerabilities here. So it's quick down here and let's take a look at what the scan gives us here.
02:36
So it's identified 10 cross site scripting
02:40
vulnerabilities here, and we can click on the vulnerability it's found.
02:46
See the request that was made and come down here. We can see some impact and remediation and discussion
02:53
Come over here requests. You could see some some more detailed information here,
03:00
so example, five request was made.
03:05
We'll see exactly what was made. And then if you want to dig deeper into what you've gotten back,
03:10
you can view the response here. Toe try. Figure out where exactly
03:16
the cross site scripting popped off. And
03:22
you know what? What exactly it had done here.
03:25
So we will actually be showing you. Ah, manual cross A scripting here
03:32
and ah
03:36
Shea what it looks like firsthand when, uh, when you attempt a cross site scripting here,
03:44
see, where's our cross it scripting at
03:47
area.
03:53
So
03:53
here we see a request, and in the response it highlights and the HTML code
04:00
where you received the response back, which is very handy. So this helps you pinpoint
04:09
were executive exactly when a place that attack what you want to see for the attack and things like that in the discovery phase. So
04:16
I'm really good. Check out the response and see what you get back.
04:20
Help
04:21
Taylor and create your next attack

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image
Raymond Evans
Instructor