https://github.com/murtaza-u/lab-xss
Lab demonstrating simple XSS attack
cookie hijacking jwt xss
- Host: GitHub
- URL: https://github.com/murtaza-u/lab-xss
- Owner: murtaza-u
- License: apache-2.0
- Created: 2022-09-10T14:04:13.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-25T02:09:31.000Z (almost 2 years ago)
- Last Synced: 2024-06-21T09:46:06.924Z (7 months ago)
- Topics: cookie, hijacking, jwt, xss
- Language: Go
- Homepage:
- Size: 36.1 KB
- Stars: 3
- Watchers: 1
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Simple Cross-Site Scripting Lab
## App
Application vulnerable to XSS.
## Attacker
The attacker server has only one endpoint, `/`, which listens for incoming
connections and logs all the query parameters to `stdout`.
## Setup
### With Docker
* Starting the vulnerable application
```bash
docker run -it \
-e PORT=8080 \
-e JWT_SECRET="$(head -c 50 /dev/urandom | base64)" \
-p 8080:8080 \
murtazau/lab-xss app
```
* Starting the attacker
```bash
docker run -it \
-e ATTACKER_PORT=5000 \
-p 5000:5000 \
murtazau/lab-xss attack
```
### Without Docker
```bash
git clone https://github.com/murtaza-u/lab-xss
cd lab-xss
go build -o lab-xss cmd/lab-xss/main.go
```
* Starting the vulnerable application
```bash
export JWT_SECRET="$(head -c 50 /dev/urandom | base64)"
export PORT=8080
./lab-xss app
```
* Starting the attacker
```bash
export ATTACKER_PORT=5000
./lab-xss attack
```