
The Beginner's Guide to Blind XSS (Cross-Site Scripting) 

NahamSec

XSS Hunter:
github.com/mandatoryprogramme...
Trufflehog XSS Hunter
xsshunter.trufflesecurity.com/

Published: 23 Oct 2023

Comments: 101
@wamboowamboo2341 6 months ago
It's great that you record such materials, I haven't watched everything yet, but you do a great job!
@williamperry2074 8 months ago
Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this are much appreciated.
@NareshKommuri 8 months ago
This is really great to watch. I'm sure this will be beneficial for so many out there on the bugbounty path!! Looking forward to more videos like this. Cheers!!
@loneliestwolf4228 8 months ago
Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!
@ray1472 7 months ago
Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.
@inventdev9160 6 months ago
Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.
@charlymarchiaro 8 months ago
Excellent, really good stuff. Please make more videos like this!
@brs2379 8 months ago
Love this kind of video, please keep doing these videos where you go through your thought process step by step
@NahamSec 8 months ago
Thank you! Will do!
@mianashhad9802 8 months ago
Love these beginner-centric videos. I am still waiting for the JavaScript for hackers one :)
@mahnooraltaf8525 2 months ago
Thanks for uploading this video really helpful ❤
@The_Dark_Cats 8 months ago
More like this please! Great information.
@moneymac1114 4 months ago
Wow. Lemme subscribe right now! Great explanation
@thamsanqangubane6411 7 months ago
Please do more of this type of videos for us to get the practical understanding of bug bounty....
@M1L2F6 8 months ago
This is awesome! I like how you don't rehash the basics everyone is trying to teach.
@mahnooraltaf8525 2 months ago
Please make more detail videos on XSS and payload creation
@zTech300 8 months ago
Great video, more content like this please.
@javascriptalert136 8 months ago
Hey @NahamSec great video as always. You should also make a video for XSS Hunter set-up, like how to host it on server etc.
@perspectiveafz4629 7 months ago
Wow, great information. ❤
@gokulsudhakar2203 8 months ago
Brilliant stuff!
@mohammadrezaabbasi4841 8 months ago
Hey, Thanks for these awesome contents :)) Your flag is flying high
@NahamSec 8 months ago
🇮🇷
@mohammadrezaabbasi4841 8 months ago
🇮🇷🇮🇷🇮🇷🇮🇷 @NahamSec
@nafizimtiaz9367 8 months ago
Useful Video as always. Hope to meet you someday at some LHE
@NahamSec 8 months ago
🤞🏽🤞🏽🤞🏽
@GoliTech 8 months ago
Hi Nahamsec, thanks for your priceless information. could u pls tell us what will we get if we join to the channel as well? is there any extra content?
@sushantsahani4185 8 months ago
Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site
@i_am_dumb1070 8 months ago
Cfbr
@darkmix4192 3 months ago
Using xss_vibes,xsstrike tool to bypassing waf.
@TheAwillz 3 months ago
Yeah I second this please. I’m a noob and keep making stupid syntax mistakes (amongst larger ones) would be really helpful if possible please mate
@ysxninja 8 months ago
beautiful stuff
@mr.researcher1525 8 months ago
More...walkthrough. ❤️
@rajeshranjan7034 8 months ago
Thank you Ben
@free_user 8 months ago
Best one explain "how to hack". Thank you so much
@NahamSec 8 months ago
Enjoy!!
@loneliestwolf4228 8 months ago
Looking forward for live hacking stream by you !!!!
@aniketakhade4452 8 months ago
Do you use any encodings here?
@egryan1 8 months ago
Does the program usually require you tell them where you injected the payload i.e like in the address field or additional comment box if so how do you keep track of that.
@this_name_is_not_available6923 8 months ago
Is it advisable to “spray and pray” the blind xss payload in headers?
@howtodefeatgangstalking 8 months ago
Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?
@baravind719 8 months ago
I have a query that if I use trufflesecurity then can I customise it like your payload?
@ibrahimmuhammad4194 8 months ago
Nice one!
@alizareii8307 8 months ago
You are great, well done!
@root3038 8 months ago
I saw in input area most of them is sanitized based on html entity the any other option to bypass the sanitization
@The_ancestor_of_Mars_humans 8 months ago
make a video on, what is your way to bypass filters, and get your payload work
@Ajay-kz6zw 8 months ago
Make video about how to setup xss hunter🙏
@user-xr7ss9sc1x 6 months ago
Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that it's executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?
@krishnajoshi8643 6 months ago
i watched your video..i had completed CEH and after CEH v11 can i go for CTF or need anything else ?
@user-ot4gm6qf2d 7 months ago
what to do when the input field cuts off all signs
@shohaghasan5641 4 months ago
A large WOW!
@MarkFoudy 8 months ago
thank you
@Ajay-kz6zw 8 months ago
Which tool use for blind xss? Truffles xsshunter is safe?
@jeremyg737 8 months ago
At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?
@songoku-wy8cf 3 months ago
I think, it's kinda security mechanism which kept in place to avoid xss. So, whenever any closing tag appears, it encodes it. So that no full tag will appear...even If you use img, script tag, closing bracket alone will be encoded by making our payload doesn't work
@AAA-rk2fj 7 months ago
thanks naham
@pichik1836 8 months ago
any good event with import for that input tag
@sherminmehdi8748 7 months ago
Thank U bro🎉🎉🎉🎉❤
@shaikshainsha8948 8 months ago
I can keep onclick=alert(1) ..so when ever click it pops up
@Prem-Madhani 8 months ago
Please Make this type of contents
@lovefacts1555 8 months ago
for input we can add attributes like (onload) e.g: '" onload="JS_here"/>
@steiner254 8 months ago
Awesome
@discopernicus 7 months ago
How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it
@themynamesb 8 months ago
@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.
@Aks-jc3bq 8 months ago
sir I new to this field please guide me how to start from scratch 🙏
@KamalUddin-ih1vs 7 months ago
Hello sir Where i get those website playing the xss,blind xss stored xss , csrf ,ssrf and so much more i playing the Metasploitable but its old Can you suggest the website 😢
@debugdebug-t6i 1 day ago
Great
@Mohamad-xb1pv 8 months ago
Hello, what is written on your hat and where did you buy it? It is very beautiful
@NahamSec 8 months ago
I made it. It says Tehran
@blackshell4286 8 months ago
I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco
@aligoodluck7064 8 months ago
i like your hat whats the arabi word meanings ?
@dprzxc 8 months ago
Tehran on the hat =))
@Gourav_mujalde 8 months ago
Please improve audio quality 🙏
@jaypanchal9748 8 months ago
make more content like this
@socalledhacker 8 months ago
This is something new to my knowledge. thnx bro...///
@TungAnhNguyen-vr8pr 8 months ago
Can you help me?
@gAMANtheBihar 8 months ago
Hiiie ben hope u doin well…love ya brother 🫡🤗🤗
@NahamSec 8 months ago
❤️🥰
@hxmo656 8 months ago
Could we also use Burp Collab
@NahamSec 8 months ago
No, burp collab doesn't allow you to serve JS. You need to either use a tool or create your own
@LALPRO_ 8 months ago
@NahamSec sir i have hostinger hosting but i don't know how to host this can you make a full video on hosting bxss
@geniusskills6151 8 months ago
Audio is always low why ?
@NahamSec 8 months ago
I'm not seeing any issues. Can you tell me what you are watching this on?
@lowkey_ssh 8 months ago
@NahamSec yup its always lower than other normal videos..
@LALPRO_ 8 months ago
@NahamSec voice is good
@AzScep00 8 months ago
First comment hehe
@NahamSec 8 months ago
Almost!
@gAMANtheBihar 8 months ago
I was first hihi😊😊
@imamulhuda6202 8 months ago
Make the audio louder please ☹️
@this_name_is_not_available6923 8 months ago
Damn 50k a day. That is someone’s average annual income already
@papafhill9126 8 months ago
For 18:24, I'd guess using something like: input type=image src=something.png onload=alert(1) Or input autofocus onfocus=alert(1) Not sure those are right, but that's my guess.
@NahamSec 8 months ago
autofocus onfocus should be the right answer, but it may need some playing around.
@faez322 5 months ago
nice cap :D
@Andrei-ds8qv 8 months ago
The CTF first challenge is to manage to register and invite your friends
@j0hnny_R3db34rd 8 months ago
Welcome to 20 years ago.
@khanmamun52 8 months ago
This content for beginner🙄🙄
@grassy-p12 8 months ago
onmouseover could be best;