Part 4 - Discovering XSS

Video Activity

This lesson offers step-by-step instructions on how to use the Arachni tool on Kali to run an XSS check.

Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
>> Next we're going to do a cross-site scripting check with Arachni. Fantastic tool. We're on the Kali box again, going to do a quick ls, then we're going to do a cd to change directory over to Desktop. We're going to cd over to Arachni, cd into bin, then we're going to start Arachni web with a ./arachni_web. Give it a second to start up here. Arachni has started on localhost at port 9292.

Going to open up Iceweasel, I'm going to go to localhost port 9292. We're going to sign in with admin@admin.admin, with the password of administrator. We have successfully logged into Arachni. Now we want to come up here to Scan, to start a new scan, and our target URL, we want 192.168.011, and remember you have to put the http:// in the front. I'm going to drop down here and select Cross-Site Scripting, Global, and we wanted to do direct.

You can increase the instances. Multiple instances will achieve higher efficiency levels and you will have decreased scan times. However, when you're running a scanner against a web application, you don't necessarily want to throw too much at the web application at once. I have run scans against web applications for companies I've worked with, and they have had pages that have been very brittle, and as the scanners hit those pages, it just completely breaks them and causes the entire server to crash. You don't want to overload a web page necessarily. In a practice range like the PentesterLabs, which are built and designed to be able to be scanned heavily, by all means, up the instance count to knock out the scans as quick as you want. But in a real-world environment, keep those instances down, run one vulnerability scan at a time, meaning, go through SQL injection and then after SQL injection, hit that cross-site scripting, and then LFI directory traversal. Whatever, do them one at a time. Because if something crashes, if something breaks, if something fails, you want to be able to identify what type of test broke it. If you're running everything at the same exact time, you can't necessarily pinpoint exactly what broke that page, so you want to do it step by step.

We're going to run the scan now and we're going to let Arachni here do its thing. The scan is complete. That was a quick scan. If you're running on a larger website that has more code going for it, those scans will not be that quick. Here we see the cross-site scripting and we see cross-site scripting in script context. We have two different types of cross-site scripting vulnerabilities that have been found. Let's come up here, let's take a look at Example 1 here, awaiting our review. Now if we come down here, you can see the seed that was injected for this cross-site scripting. We can see the request down here, and it gives us our request that was sent. Then if you come further down, you can see the response. We see here in the HTML code, hacker, some dangerous input, and all these numbers. Now, in this response back, we're seeing it's in HTML code, which means that most likely there was a prompt of some sort that had popped up due to this cross-site scripting attack. Now we've found it, discovered it here with this tool, you can go in and again tailor your attack.