murtaza-u / lab-xss

Lab demonstrating simple XSS attack

Simple Cross-Site Scripting Lab

App

Application vulnerable to XSS.

Attacker

The attacker has only one endpoint, '/', which listens for incoming connections and logs all query parameters to stdout.

Setup

With Docker

  • Starting the vulnerable application
docker run -it \
    -e PORT=8080 \
    -e JWT_SECRET="$(head -c 50 /dev/urandom | base64)" \
    -p 8080:8080 \
    murtazau/lab-xss app
  • Starting the attacker
docker run -it \
    -e ATTACKER_PORT=5000 \
    -p 5000:5000 \
    murtazau/lab-xss attack

Without Docker

git clone https://github.com/murtaza-u/lab-xss
cd lab-xss
go build -o lab-xss cmd/lab-xss/main.go
  • Starting the vulnerable application
export JWT_SECRET="$(head -c 50 /dev/urandom | base64)"
export PORT=8080
./lab-xss app
  • Starting the attacker
export ATTACKER_PORT=5000
./lab-xss attack

About

License: Apache License 2.0

Languages

Go 49.6%, JavaScript 34.6%, HTML 13.4%, CSS 1.4%, Dockerfile 1.0%