
https://github.com/0x0elliot/xss-ctf-with-python

A Web CTF that was originally made for AppSec Village DEFCON 29 CTFs [5th August 2021 - 8th August 2021] and had the name "Send me something interesting!"

backend browser css ctf defcon flask headless html python selenium xss


# XSS CTF With Python
A Web CTF that was originally made for AppSec Village DEFCON 29 CTFs and had the name "Send me something interesting!"





## How to deploy this?


It's very simple to deploy.

1. First go to "config.json" and add the ReCaptcha tokens. You can get them from here.


I have left the test keys provided by Google so that it is always ready to be deployed and tested locally. Similarly, when you're deploying the CTF, it's recommended to
change the host to whatever your host is!



2. Run `sudo docker-compose up`. It's that simple!

## Why does this CTF exist?


When I thought about creating a CTF, I thought I might look around in the community to understand exactly what kind of CTFs are being used out there written in Python
and dealing with XSS. I noticed that most that I found used JS and Python integration. Oftentimes those integrations were done through the subprocess module using
the command line, with the link of the site that has to be visited by the bot being sent as a command-line argument. I didn't like this and wanted to put in enough effort
to make a stand-alone, Python-only XSS challenge that didn't require any other tech stack so that the InfoSec community can learn from each other!

## Found a bug in this code or want to improve a certain aspect of it?

Go ahead, do your thing. I will respond to issues as quickly as possible for fixes. Right now, there isn't any immediate issue I would open formally, as I plan on
expanding on this CTF in upcoming events and adding 2-3 more layers to it. But if you feel like doing something, I would say the frontend of the site was a bit too rushed.
If someone helped prettify it, it would be great!

## Solutions by the community: