Python Development of XSS Scanner for Cybersecurity

Python Development of XSS Scanner for Cybersecurity

Python Development of XSS Scanner1. Basic Approach1. Target Scanning2. Core Detection Logic3. Extensibility Design2. Code Implementation1. Dictionary File2. Python Code Python Development of XSS Scanner 1. Basic Approach 1. The overall approach is to send a request with a payload parameter value and determine the existence of the payload from the response (triggering reflected XSS). … Read more

Bypassing HttpOnly for Escalating Vulnerability Impact

Bypassing HttpOnly for Escalating Vulnerability Impact

The vulnerabilities described in this article have been fixed. Please do not conduct unauthorized penetration testing. Original source: https://sallam.gitbook.io/sec-88/write-ups/how-we-turned-a-medium-xss-into-a-high-bounty-by-bypassing-httponly-cookie Content The target application is a common website translation platform that includes team management, project management, and an AI feature module. During testing for privilege escalation and injection attacks, I discovered an interesting input field in … Read more

HttpOnly Defense Against XSS

HttpOnly Defense Against XSS

Disclaimer This article is for academic research purposes only and should not be used on real unauthorized websites. Any illegal use is not related to the platform or the author of this article, and you must take responsibility! What is HttpOnly HttpOnly is a boolean attribute in the Set-Cookie response header. Once added, the browser … Read more

Wireshark – HTTP Protocol (Part 9)

Wireshark - HTTP Protocol (Part 9)

HTTP Hypertext Transfer Protocol(HyperText Transfer Protocol)Introduction to Principles The HTTP protocol is a transmission protocol used to transfer hypertext from WWW servers to local browsers. It enables browsers to operate more efficiently and reduces network transmission. It not only ensures that computers transmit hypertext documents correctly and quickly but also determines which part of the … Read more