XSS
Tremo, 2017-11-18 15:55:37

How to bypass Firefox XSS protection which encodes the URL and prevents XSS from firing?

Good afternoon!
I'm learning XSS varieties. Now I've stopped at DOM XSS.
I'm testing everything on the updated DVWA (Damn Vulnerable Web Application).
Most browsers encode the URL string and I can't write JavaScript into the URL as I did before. My request is being converted to:

www.xss/com/default=123%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

Hint:
You don't need to do anything on the server side. The protection mechanism is on the client side.
Can you advise on methods, or on which direction to move in?


2 answer(s)
HANEFEKO, 2018-01-26
@HANEFEKO

Try applying a mixed obfuscated XSS payload.

Xrizolin, 2018-07-12
@Xrizolin

Hello. If you're using Chrome, then this is the XSS auditor.
I recommend reading the Brute blog on this topic: https://brutelogic.com.br/blog/chrome-xss-bypass/
You can also try https://metascan.ru to automatically search for XSS in the project.
UPD: Current bypasses for the XSS Auditor:
https://github.com/EdOverflow/bugbounty-cheatsheet...
