This repository contains Cypress tests for two labs: one for login functionality and another for cross-site scripting (XSS) testing.
/e2e/loginTest.cy.js
/e2e/xss.cy.js
The XSS lab finds XSS payloads with XSStrike and then tests them using Cypress.
-
Install XSStrike:
Clone the XSStrike repository from GitHub and install the required Python packages.
```bash
git clone https://github.com/s0md3v/XSStrike.git
cd XSStrike
pip install -r requirements.txt
```
-
Use XSStrike to Find XSS Payloads:
Run XSStrike by providing the target URL.
```bash
python3 xsstrike.py -u "http://example.com"
```
XSStrike will search for potential XSS vulnerabilities and provide a list of payloads that can be tested.
-
Install Cypress:
Install Cypress as a development dependency of the project.
```bash
npm install cypress --save-dev
```
-
Set Up Cypress:
Run Cypress to open the Cypress Test Runner.
```bash
npx cypress open
```
-
Create Test Cases in Cypress:
Create test cases by writing JavaScript in your test files, typically located in the "cypress/integration" directory (Cypress 10 and later default to "cypress/e2e"; this repository keeps its specs under /e2e).
-
Inject XSS Payloads:
In your Cypress test files, you can inject XSS payloads into your target web application by using the "cy.visit" and "cy.get" commands. For example, to inject an alert message, you can do something like this:
go to todo.file.js
-
Run Cypress Tests:
Save your Cypress test files and run the tests using the Cypress Test Runner. You can click on the test you want to run, and Cypress will open a browser window to execute the test.
-
Analyze Test Results:
Observe the test results to determine whether the XSS payloads are successfully executed. You can use assertions in your tests to confirm whether the payloads triggered an alert or other actions. for this code
Please ensure that you have proper authorization to test the target website for XSS vulnerabilities. Unauthorized testing may be illegal and can result in legal consequences. Always follow ethical hacking practices and obtain necessary permissions before conducting security testing on a website.
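The "Inject XSS Payloads" and "Analyze Test Results" steps above, written out as an added example spec (not this repository's code). It assumes a lab page you run yourself at `http://localhost:3000/search` that reflects a `q` parameter into `#results`; the payload list is a constructed sample standing in for XSStrike output.

```javascript
// Added example, not from the repository. Assumed names: TARGET, the "q" query
// parameter and the #results selector describe a hypothetical lab page you own.
const TARGET = 'http://localhost:3000/search';

// Constructed sample payloads; in practice paste the ones XSStrike reported.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '"><img src=x onerror=alert(1)>',
  '<svg/onload=alert(1)>',
];

// HTML-encode the characters that let a payload break out of text or attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Classify how a payload came back in a response body.
function classifyReflection(body, payload) {
  if (body.includes(payload)) return 'raw'; // unencoded: needs fixing
  if (body.includes(escapeHtml(payload))) return 'encoded';
  return 'absent';
}

// The spec only registers inside the Cypress runner, where `cy` is a global.
if (typeof cy !== 'undefined') {
  describe('reflected XSS regression', () => {
    PAYLOADS.forEach((payload) => {
      it(`does not execute ${payload}`, () => {
        // Static check: the raw payload must not be echoed into the HTML.
        cy.request({ url: TARGET, qs: { q: payload } }).then((res) => {
          expect(classifyReflection(res.body, payload)).not.to.eq('raw');
        });
        // Dynamic check: stub alert() before page scripts run.
        cy.visit(TARGET, {
          qs: { q: payload },
          onBeforeLoad(win) { cy.stub(win, 'alert').as('alert'); },
        });
        // Injected markup must not have become live elements or handlers.
        cy.get('#results').find('script, [onerror], [onload]').should('not.exist');
        cy.get('@alert').should('not.have.been.called');
      });
    });
  });
}
```

A failing test here marks a payload that the page echoes unencoded or that fires `alert()`, which is the output-encoding gap to fix on the server or in the template.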