akatore / xss-challenge

An XSS web challenge based on Flask, Node.js, headless Chrome and Puppeteer

xss-challenge

Local Setup

git clone https://github.com/maoning/xss-challenge.git
cd xss-challenge
docker-compose build
docker-compose up

Visit http://localhost:5000 to access the vulnerable app.

Design

vulnapp

The vulnapp container hosts a simple Flask app that contains a reflected XSS vulnerability. When a message is submitted through the app, the app calls the xssbot service to read the message.

xssbot

xssbot is a Node.js server. When it receives an API call from vulnapp to read a message, and the message is a URL, it uses headless Chrome to visit that URL with an admin cookie.
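
The reflected-XSS pattern described above, shown beside its escaped form, as an added illustration that is not code from this repository. It uses only the Python standard library rather than Flask; the page template, the cookie name `session` and the sample inputs are assumptions constructed for the example.

```python
from html import escape
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Hypothetical page template; the repository's real template is not shown on this page.
PAGE = "<html><body><p>Message: {msg}</p></body></html>"

def render_reflected(msg: str) -> str:
    """Vulnerable pattern: request data is placed into the HTML unescaped."""
    return PAGE.format(msg=msg)

def render_escaped(msg: str) -> str:
    """Hardened pattern: encode for the HTML body context before reflecting."""
    return PAGE.format(msg=escape(msg, quote=True))

class _ActiveContent(HTMLParser):
    """Collects script elements and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        self.findings += [f"{tag}@{name}" for name, _ in attrs if name.startswith("on")]

def active_content(html_text: str) -> list:
    """Return the active content a browser would see in the rendered page."""
    parser = _ActiveContent()
    parser.feed(html_text)
    parser.close()
    return parser.findings

def admin_cookie_header(value: str) -> str:
    """Set-Cookie value with HttpOnly, so page script cannot read the cookie."""
    cookie = SimpleCookie()
    cookie["session"] = value  # cookie name is an assumption
    cookie["session"]["httponly"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

# Constructed sample messages: one plain, two carrying markup.
SAMPLES = ["hello", "<script>alert(1)</script>", '<img src=x onerror="alert(1)">']

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), active_content(render_reflected(s)), active_content(render_escaped(s)))
    print(admin_cookie_header("constructed-value"))
```

Escaping removes the injection itself; `HttpOnly` only limits what injected script could read from the visiting browser, so it complements output encoding rather than replacing it.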

Caveat

xssbot can reach the vulnapp service at http://vulnapp:5000.

License: Apache License 2.0


Languages: JavaScript 33.6%, HTML 29.0%, Python 24.1%, CSS 7.1%, Dockerfile 6.2%