Module 8 Cross-Site Scripting (XSS) Lab

Description: In this lab, you will perform a reflected cross-site scripting attack.
Requirements: You will need access to the Cybrary lab environment for this lab.

Step 1: Log into Cybrary.

Step 2: Launch the OWASP Cross-Site Scripting lab by searching for it in the catalog and
selecting the launch button.
Note: It may take 30-40 seconds for the lab to launch after clicking the button.
Step 3: When the lab opens, you will see a pop-up box. Select the Next button, then Ok to
close the pop-up box.
Step 4: You will then be taken to the Kali Linux login screen.
Step 5: Enter a username of student and a password of student to log into the desktop.
Step 6: Next, launch Chrome by clicking the second icon down on the left-side menu.
Step 7: Click on OWASP 2017
Step 8: Click on A7 - Cross Site Scripting (XSS)
Step 9: Reflected (First Order)
Step 10: Password Generator
Step 11: In the URL bar, change “anonymous” to “qwerty” and press Enter.

Question 1: Do you see a username in the URL address bar now? ________________

Step 12: Next, right-click on the page and select View Source.
Step 13: Next, hold down the Control button on your keyboard and press F. This will open
a search box at the top-right of the page.
Step 14: Type qwerty in the search box.

Question 2: Did the search find the username qwerty? _______________________

 
Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics.

Step 15: Now, we’re going to add in our malicious JavaScript code.
Step 16: Close the View Source tab and you should now be back at the Mutillidae page.
Step 17: In the URL bar, replace the “qwerty” with the following and then press Enter.

qwerty"; alert("Malicious Javascript"); var testxyz="test

Question 3: Do you see a pop-up box that mentions malicious Javascript? __________
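
Why the Step 17 value runs, and how output encoding for the JavaScript-string context stops it, as an added example that is not part of the original lab or Mutillidae's code. It assumes the page writes the username into a double-quoted JavaScript string, which the shape of the Step 17 value suggests; `renderVulnerable`, `renderHardened`, `jsStringLiteral`, `execute`, `gUser` and `greet` are hypothetical names.

```javascript
// Constructed stand-in for the page's server-side template (hypothetical).
// Assumption: the username from the URL lands inside a double-quoted JS string.
function renderVulnerable(username) {
  return '<script>var gUser = "' + username + '"; greet(gUser);</script>';
}

// Hardened form: encode the value for the JavaScript-string context, then
// neutralise characters that could close the <script> element or act as
// line terminators in older JavaScript engines.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(username) {
  return '<script>var gUser = ' + jsStringLiteral(username) + '; greet(gUser);</script>';
}

// Run the script body with stubbed alert() and greet() and record what executed.
function execute(page) {
  const body = page.replace(/^<script>/, '').replace(/<\/script>$/, '');
  const calls = { alerts: [], greeted: [] };
  const run = new Function('alert', 'greet', body);
  run((msg) => calls.alerts.push(msg), (user) => calls.greeted.push(user));
  return calls;
}

// The value typed into the URL bar in Step 17.
const step17 = 'qwerty"; alert("Malicious Javascript"); var testxyz="test';

// Vulnerable page: the quote ends the string early, so alert() runs as code.
console.log('vulnerable:', execute(renderVulnerable(step17)));
// Hardened page: the whole value stays data inside one string literal.
console.log('hardened:  ', execute(renderHardened(step17)));
```

In the hardened output, searching View Source for qwerty still finds the value, but every double quote in it is preceded by a backslash, so the string never closes early.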

 