PhantomJS Tutorial 1 - Installing & Running PhantomJS
Unable to use xssValidator on Burpsuite [closed]

I have installed phantomjs and slimerjs as shown in the video and have gone through each of the steps exactly as shown. While the command 'slimerjs slimer. I feel there is an error in the file 'xss. Thanks in advance :)

Comments: Why do you feel that there is an error? I see none. Please do not post text as images.

This will be the first in a series of Web app exploitation.
We start with XSS. Apparently it does, given the same-origin policy. The browser will never surrender cookies for a different host. However, if I can make the user run a script in lieu of an image which fails to load on a particular web page, and which redirects the cookie elsewhere, then this would circumvent the same-origin policy.
After pressing Get your Lucky number, we see:. Which proves that the box is vulnerable to some XSS at least. Apart from JS, I also tried. We found some XSS vulnerabilities manually. Unfortunately, while Burpsuite is installed by default on Kali, the plugins are not.
On the right panel, scroll down and install it. When done, configure the tabs as follows. Leave the other settings alone, e.g. the Sniper attack type.
Before that, clear the Grep — Match flag on all the other results. OK, nearly done. Now we need to run PhantomJS with xss. This is where I got stuck the longest. But I figured it out eventually. Now we need the xss. This is where I had to hunt high and low for it.
We use a handful of tools to help automate this testing, but encounter a significant number of false positives and false negatives. We decided to build some tools to automate detection of XSS vulnerabilities, while minimizing the amount of false positives. There are quite a few options available already, but we have noticed that these contain a decent amount of false positives.
We decided to build our own PhantomJS application that would run as a server, listening for requests. To accompany the PhantomJS application, we decided to build a Burp extender we could use to pass data to the PhantomJS server. We decided to build an Intruder extender as opposed to a scanner extender so that we could have more control over the attack procedure. In essence, the extender has a list of approximately common XSS payloads, each of which contains a trigger value of f7sdgfjFpoG.
These payloads are sent to the target, and when Burp receives the HTTP response associated with the request, it is passed along to the PhantomJS server for processing. These hooks will grab the function arguments, and see if they include the XSS trigger.
As such, we have confirmed an XSS finding. Navigate to the extender tab and click the Add button, as seen below: Ensure that the extension type is Java, then click the Select file button and browse to the location of the xssValidator.
Click add, then a window should appear. Ensure that there are no errors by clicking on the errors tab. If errors occurred, it is likely that the. If the error persists, reach out to us and let us help you! Create a new Intruder attack for the target request. Define the targets as you normally would, and navigate to the Payloads tab.
Select the payload type of extension-generated, as seen below. Click the add button under Payload Processing, and select Invoke Burp Extension from the dropdown menu. Select the XSS Validator processor, and click ok.
We define that as our target parameter, as seen below: After executing the command, the server will be listening. Switch back over to the Burp Intruder Attack, and launch. As of this post, we have yet to see one. This was just a hack until we could figure out a better way of reporting.
We want to automate this by automatically adding a new tab to the attack window that will mark positive findings, without using this string. More payloads — this tool will really only be effective with a comprehensive and growing list of payloads.

We recently participated in the Yours Truly puzzle created by Josie Bellini (josiebellini) and managed to secure a victory by being the first to solve the entire puzzle series.
In our attempt to fingerprint LibreOffice as a PDF rendering service, we identified multiple implementation vulnerabilities. Here is a write-up with the process we took from start to finish.

Airbnb recently created a new feature called Experiences which allows you to book things to do rather than places to stay.
With the new code changes that came along with Experiences, we discovered a page that allowed you to send yourself a text message with a link to download the Airbnb app. We decided to run with this concept and explore the rest of the website to see if we could identify other vulnerabilities using the same method. Ben and I spent more time on Airbnb the past few months and discovered a new endpoint that we had never seen before.
After spending a year or so on the program, we were at the point of trying to find a new approach looking for vulnerabilities. We had the idea of going through all of the js files on Airbnb looking for new endpoints.
We were already doing this manually to some degree, but decided to try and automate it. So we built a new tool that grabs js files and looks for relative URLs. Doing this, we quickly found new endpoints that we had missed and found a few new vulnerabilities to report.
One of the new endpoints discovered led to finding a Server-Side Request Forgery vulnerability on Airbnb. We recently started participating in Airbnb's bounty program on HackerOne.
We heard a lot about this company in the past but had never used their service before. Overall they have a pretty solid website, but we were still able to discover a handful of issues.
There is one vulnerability that we wanted to write about because of the level of protection in front of it. The goal of this write-up is to show others that sometimes it takes a little bit of creativity to discover potential flaws and fully exploit them. After many sleepless nights in Vegas, we emerged victorious for a second year in a row. We believe our research here is not final, and encourage others to look into this area.
Authors: Sam Erb, Brett Buerhaus. Authors: Ben Sadeghipour, Brett Buerhaus.

I recently came across a request on a bounty program that took user input and generated an image for you to download. After a little bit of a journey, I was able to escalate from XSS inside of an image all the way to arbitrary local-file read on the server. It's a private program, so I'm going to do my best to redact as much information as possible.
I initially went after the background request var because it specified a file name and I think that one looks the most interesting. After messing around with the parameters a bit, I noticed that the header request variable was vulnerable to some form of HTML injection.
Starting to put random HTML elements in, I noticed that almost all of them were rendering: iframe, img, script, etc. I decided to target my own server to see if I could get a bit more information on what is processing the HTML.
I already had some experience with Phantom because it's often used in CTFs and I use it in my online scanner for capturing screenshots of websites. This was a good thing to pick up on early because it explained some of the issues I encountered while trying to exploit this vulnerability.
After trying a few different ideas, I used document. I don't know why, but it worked.