https://github.com/t-sorger/xs-leaks-lab
A hands-on environment to explore Cross-site Leaks (XS-Leaks).
- Host: GitHub
- URL: https://github.com/t-sorger/xs-leaks-lab
- Owner: t-sorger
- License: mit
- Created: 2024-05-23T11:42:42.000Z (7 months ago)
- Default Branch: master
- Last Pushed: 2024-10-21T21:22:39.000Z (2 months ago)
- Last Synced: 2024-10-22T16:48:56.010Z (2 months ago)
- Topics: xsleaks
- Language: HTML
- Homepage:
- Size: 2.57 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# XS-Leaks Lab (XSLL)
Welcome to XS-Leaks Lab (XSLL) – a hands-on project exploring Cross-site Leaks (XS-Leaks). This project aims to introduce you to the topic while providing an interactive experience with selected XS-Leaks scenarios. For a deeper dive into the project, continue reading this README, and don't forget to explore the report available in this repository.

## XSLL Structure
XSLL comprises two Docker containers:
- **Attacker**: This container is designed to simulate an attacker attempting to exploit vulnerabilities and leak information from the victim.
- **Victim**: The victim container represents the entity under attack, serving as a practical environment to understand and mitigate XS-Leak risks.

## Installation
To get started, follow these steps:

1. **Download or Clone Repository**
2. **Configure Hosts File**: Modify your system's hosts file (`/etc/hosts`) to include the following entries:
```
127.0.0.1 attacker.local
127.0.0.1 victim.local
```
Alternatively, adjust the scripts to use `localhost` or `127.0.0.1`.

## Docker Container
For implementation, we utilize the official [NGINX Docker image](https://hub.docker.com/_/nginx) to set up the web servers within Docker containers. To manage these containers, use the provided scripts:
- **Start Docker Containers**:
```Bash
./setup.sh
```
- **Stop Docker Containers**:
```Bash
./destroy.sh
```

## Access Web Servers
After starting the Docker containers, you can access the web servers from your browser:
- [Attacker](http://attacker.local:31415/)
- [Victim](http://victim.local:27182/)

Explore these links to interact with the simulated environments and delve deeper into XS-Leak vulnerabilities.
## Browser Version Used for Testing
All vulnerabilities in this lab were tested using the following browser version:
- Brave
- Version 1.66.118 Chromium: 125.0.6422.147 (Official Build) (arm64)