I love how John teaches the subject. He most likely already knows the answer, but knows that showing the methodology is more important. Trying different things, failing sometimes, then finally winning, is what makes a good hacker.
I know it's old but I've been binging your videos and bro, just amazing. The use of python to wreck like everything makes me sooo sooo happy.. I've literally understood coding 1000% better just watching your content.
New to your channel but eating it up. I’m not a security guy or a CS/SE major or anything, I just like computers and find these videos so interesting. I could never solve these boxes by myself but the way you present these solutions makes it FEEL like I could have come to the same conclusions myself. I think that’s a hallmark of a great teacher, keep it up!
I know I'm late on this one, but I'm just binging on your old stuff at 2:30am. The backticks allow you to use ES6 syntax to create a template literal, previously referred to as a template string I believe. So instead of:
var name = "Nick"
var output = "My name is " + name
alert(output) // outputs "My name is Nick"
We can use name and change output to:
var output = `My name is ${name}`
Our alert will produce the same result without needing to concatenate the string and variable, and it eliminates the need for using quotes for the string. This is a very simple example, but when you need to concatenate a lot of stuff it saves a bunch of time. It also apparently helps to make this attack work, which is super cool.
The way you were using Python... mind boggling... Please, if possible, do make tutorials on Python and JavaScript for pentesters or bug hunters. Thank you for bringing the great content. Love
Hey John, wondering if you can expand on your CORS comments from the end of the video. You mention that when a script from the target site tries to reach out to the attacker's site, you can see a CORS error. However, isn't that error entirely in the attacker's control? Couldn't you have returned the right CORS headers from your server to allow the request through?
Amazing video man!! New sub and like, more XSS videos!!!! Do you give a course on Udemy or something like that on web hacking? If not, it would be great, we would all buy it.
Trying to encode but getting this one:
Traceback (most recent call last):
  File "/home/bango/Desktop/project.py", line 10, in
    payload = base64.b64encode(payload)
  File "/usr/lib/python3.8/base64.py", line 58, in b64encode
    encoded = binascii.b2a_base64(s, newline=False)
TypeError: a bytes-like object is required, not 'str'
Couldn't you just do "document.cookie" with the browser dev tools? Why create a script to send this info to your server? To whom does that session actually belong?
@_JohnHammond If your router allows this. Unfortunately most DSL routers you get from your provider here in Germany won't allow open ports at all. All that mine offers externally is VPN access into my home network. But you can't open up any ports, like for a locally running web server, to be accessible from the outside. And even more unfortunately, with most providers you can't even replace the router with something of your choice, as your account is linked to the router's serial number and it won't connect with another device. With some providers you don't even get a true IP that can be reached normally from the internet, like some provider-level NAT. I guess we drew the short straw. ;-) The most crappy thing is that a very popular router model with the stock firmware would allow all of that, but provider customization removed these features for "enhanced customer security".
You are out of free articles? Looks like a div overlay thing with a CSS blur filter on the article below. Some sites actually used to use that (now they mostly use a blurred generic background); suffice it to say I never had trouble reading the articles. In Chrome dev tools, remove the element (the overlay), then disable any CSS blur effects, and enable y-overflow (a lot stop you from scrolling the page too). Submit an article: does it appear rendered to other users? Next thing is to try to enter something that confuses their anti-XSS system into displaying what you need. You can view the page source to check for any odd effects. If you can get an external script into a src attribute somehow, then hosting it remotely would be a good trick to play.
Your videos are priceless. You don't just show the attack but also the process and the evolution of ideas while designing the attack. Premium content, thank you really.