Answer the question
In order to leave comments, you need to log in
I
I
Isaac Clark2015-02-13 18:25:37
Isaac Clark, 2015-02-13 18:25:37
XSS, how to simulate a request to the server?
Hello, tell me please.
I want to check the site for stability against xss attacks. To do this, in the form field, as well as in the value of the input itself: <img src=x onerror=alert(17)>
Now my browser, when I click on submit, replaces > with & .
Questions:
- how to emulate a request so that the browser doesn't escape/replace characters
- How exactly can you send a request to the server? emulate pressing the submit button?
- I heard, but did not see, that there are ways to encode javascript, that is, the program encodes, for example, a string
, which is then inserted into the form field and javascript cannot recognize the script in it, but at the same time it (the script) works in the browser, who knows please provide a link to such programs.
Thanks for your help and your time.
2 answer(s)
@Dark_Knight
@IceJOKER
G
Gosha Mann, 2015-02-13 @Dark_Knight
Look at the request in the console and, if the special characters are escaped on the client, which I doubt, then you can send the request through the REST client.
I
IceJOKER, 2015-02-13 @IceJOKER
In my opinion, this is not what you want - "I want to check the site for resistance against xss attacks", but to learn how to attack someone else's site!
If you are really worried about the security of your resource, then just escape the htm code and XSS will not bother you
Similar questions
T
V
R
A
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question