An open API service indexing awesome lists of open source software.

https://github.com/priyabug/cross-site-scripting-simulation-elgg

Simulations, detection techniques, and prevention strategies to protect web applications from XSS attacks, helping developers and security professionals understand and defend against XSS vulnerabilities.

elgg-plugin linux ubuntu


README


Cross Site Scripting Simulation Elgg

Description


- Cross-site scripting (XSS) is a vulnerability often present in web applications that allows attackers to inject malicious code, such as JavaScript, into pages viewed in a victim's web browser. This malicious code enables attackers to steal sensitive information, like session cookies, from users. The security mechanisms used by browsers, such as the same-origin policy, can be circumvented through XSS vulnerabilities.
- To illustrate the potential of XSS attacks, we have set up a web application called Elgg in our pre-configured Ubuntu virtual machine. Elgg is a widely used open-source platform for social networking, which includes several countermeasures against XSS threats. However, for demonstration purposes, we have disabled these protections in our installation, making Elgg vulnerable to XSS attacks. Without these safeguards, users can post any arbitrary content, including JavaScript code, to user profiles.
- In this project, the task is to conduct an XSS attack on the modified Elgg installation. The attack should mimic the infamous Samy worm created by Samy Kamkar, which affected MySpace in 2005. The objective of this attack is to propagate an XSS worm among users so that anyone who views an infected profile becomes infected and automatically adds the attacker to their friend list.


![image](https://github.com/user-attachments/assets/a89db4c0-597d-4548-9251-f4f42cef8ce3)
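As an added example (not code from this repository or from Elgg), the rendering defect the lab depends on is shown beside its fix, with a parser-based check that the rendered profile contains no executable markup. The sample profile text is constructed for this illustration, and it is the same alert payload Task 1 posts.

```python
import html
from html.parser import HTMLParser

# Constructed sample of what a user might store in an Elgg profile field:
# the canonical Task 1 payload from this lab (pop an alert window), used
# here only to show that output escaping neutralises it.
SAMPLE_ABOUT_ME = '<script>alert("xss")</script>Hello, I am Alice'


def render_profile_unsafe(about_me):
    """Vulnerable rendering: the stored field is interpolated into the page
    as raw HTML, which is the situation once Elgg's XSS countermeasures are
    disabled as in this lab. Anything the user typed becomes markup."""
    return f'<div class="about">{about_me}</div>'


def render_profile_safe(about_me):
    """Hardened rendering: the field is HTML-escaped at output time, so
    '<', '>', '&' and quotes become entities and the browser displays the
    text instead of executing it. Output escaping is the baseline; a
    Content-Security-Policy header is a second, independent layer."""
    return f'<div class="about">{html.escape(about_me, quote=True)}</div>'


class _ActiveMarkupFinder(HTMLParser):
    """Collects constructs that would execute script in a rendered page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name} event handler")
            elif name in ("href", "src") and value and \
                    value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name} javascript: URL")


def find_active_markup(rendered_html):
    """Return descriptions of executable markup found in rendered HTML;
    an empty list means the rendered profile is inert."""
    finder = _ActiveMarkupFinder()
    finder.feed(rendered_html)
    finder.close()
    return finder.findings
```

Running `find_active_markup` over both renderings of `SAMPLE_ABOUT_ME` reports a `<script>` element for the unsafe version and nothing for the escaped one.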

Languages and Utilities Used

- Python
- Ubuntu 20.04 VM
- Linux

Environments Used

- Windows 10 (21H2)

Program walk-through:

Task 1: Posting a Malicious Message to Display an Alert Window

Task 2: Posting a Malicious Message to Display Cookies

Task 3: Stealing Cookies from the Victim’s Machine

Task 4: Becoming the Victim’s Friend