Scribd Logo
Upload

Welcome to Scribd!

  • Internship - PPT (Autosaved)

    Uploaded by

    Rakesh R
    12 views14 pages

    Original Title

    Internship_PPT [Autosaved] (8)

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views14 pages

    Internship - PPT (Autosaved)

    Uploaded by

    Rakesh R

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    SRINIVAS UNIVERSITY INSTITUTE OF ENGINEERING AND TECHNOLOGY

    MUKKA MANGALURU- 574146


    Department of Cyber Security and Cyber Forensics
    VIIIth Semester
    INTERNSHIP

    Internship Presentation
    on
    “Cross-Site Scripting (XSS) on Burp Suite”
    Under The Guidance of, Presented By,

    Ratheesh
    Name: Dr. Krishna Prasad
    1SU20CF035

    Date of Presentation: 16/02/2024


    Designation: HoD, CS and CF
    CONTENTS
    • Abstract
    • Introduction
    • About Organization
    • Literature survey
    • Existing System
    • Proposed system
    • System requirements
    • Architecture diagram
    • Implementation (Task performed)
    • Results
    • Conclusion
    • References
    Abstract
    The process of testing a web application for Cross-Site Scripting (XSS) vulnerabilities
    using Burp Suite, a popular penetration testing tool. The researcher first sets up their
    browser to use Burp Suite as a proxy and intercepts requests to the web application.
    They then use Burp Suite's Intruder feature to fuzz the DNS Lookup page with a list of
    XSS payloads from the wordlist. The results show several successful XSS attacks, with
    request number 3 demonstrating a pop-up alert box when the payload is pasted into the
    DNS Lookup utility.
    Introduction
    Cross-Site Scripting (XSS) is a type of web application vulnerability that allows attackers to
    inject malicious scripts into web pages viewed by unsuspecting users. This can lead to a variety
    of malicious activities, including data theft, account takeover, and the execution of arbitrary
    code.

    XSS vulnerabilities occur when web applications fail to properly validate or encode user-
    supplied data, allowing attackers to inject malicious scripts into the web page. These scripts can
    then be executed by the user's web browser, allowing the attacker to steal sensitive information,
    such as cookies or login credentials, or to perform actions on behalf of the user.
    About Organization
    •EyeQ Dot Net Pvt. Ltd. is a cyber-security-based company located in Mangalore, Karnataka, India,
    offering a wide range of high-quality cyber security and IT infrastructure security services.

    •The company has a strong commitment to protecting data and privacy, holding several certifications
    such as ISO 27001, ISO 27017, ISO 27018, and ISO 9001 for information security management, cloud
    security, and quality management systems.

    •EyeQ Dot Net Pvt. Ltd. has a robust cybersecurity framework that includes thorough screenings and
    trainings for employees, strict access control measures, and secure software development lifecycles.
    They also encourage security researchers to report potential vulnerabilities.

    •The organization is dedicated to raising awareness about cybercrime and prevention through educational
    initiatives and awareness programs.
    Proposed System
    •Detection Mechanism: Implementing advanced detection methods to identify and
    highlight potential XSS vulnerabilities on websites.

    •Prevention Strategies: Introducing robust preventive measures to mitigate the risk


    of XSS attacks and enhance overall web security.

    •Alert System: Incorporating an alert system that promptly notifies users or


    administrators upon the detection of potential XSS vulnerabilities
    System Requirements
    Technical Requirements
    • Processor with high computing speed
    • 8 GB RAM
    • Atleast X86 CPU
    • Free disk space

    Software Requirements
    • Windows / Linux
    • Burp suite
    Architecture Diagram
    Implementation
    •Go to the website and input "hello" in the search bar.

    •Open Burp Suite, connect it to the browser, and enable intercept in the proxy.

    •Click on the search button in the browser to generate intercepted data.

    •Forward the data and examine for the presence of the "hello" word.

    •Send the data to the Intruder module in Burp Suite.

    •In Intruder, add "hello" to the payloads and load them.

    •Click the start payload button and observe the Result status for potential XSS vulnerabilities.
    Results
    Results
    Conclusion
    •In conclusion, the presentation highlighted the critical importance of addressing XSS
    vulnerabilities in web applications. Our proposed system provides an effective means of
    detection and prevention, showcased through practical steps. The demonstrated approach
    empowers users to identify and mitigate XSS threats, bolstering overall website security.
    It's imperative to stay proactive, regularly updating systems, and fostering a security-
    conscious development environment. By adopting these practices, we contribute to a
    safer digital landscape, guarding against the persistent threat of XSS attacks.
    References
    •What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy (p
    ortswigger.net)

    •https://xss-labs.thecyberhub.org/xss1

    •Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-
    of-the-art (researchgate.net)
    Thank You

    You might also like