How to Do an XSS Attack in Practice?

In this article we walk through the XSS attack in practice. What an XSS attack is has already been explained earlier. If you have not read the website hacking post, please read it once.

An XSS attack is also called cross-site scripting. It is a vulnerability found in websites. You will very rarely find an XSS vulnerability in large websites such as Facebook and Amazon.

We demonstrate this in DVWA. DVWA and bWAPP have already been covered earlier. Both are platforms built for practicing website hacking.

What is an XSS attack?

XSS attacks have been explained to you before, but they are explained again here.

If a website has this vulnerability, a hacker can get any kind of script to run on the website.

As explained in the post on programming languages used in hacking, JavaScript is one such language, and it is a scripting language. Using JavaScript, a hacker can also inject their virus into the website.

This attack is as dangerous as it is common. You can imagine it yourself: if some kind of virus is injected into a website, the website is harmed and its visitors are infected as well, as explained in the water hole attack post.

XSS attack practical

Let us now look at the practical. First, the hacker has to find the vulnerability. For example, a website has a blank text field, a script is entered into it and submitted, and the script runs.

In that case the hacker understands that the website is vulnerable to XSS. After finding the vulnerability in this way, hackers carry out their attack. After all this, the hacker injects the virus they have built into the website.

We will demonstrate the XSS attack at every DVWA security setting. We cannot show this attack live on a real website, because doing so would be illegal.

Low Security

Setting up DVWA has already been covered. We assume that you have set up DVWA. We start with Low security.

First, set DVWA Security to low. After that, click on XSS reflected.

Here you are asked for a name. When you enter your name, it is shown back to you. We will demonstrate by running JavaScript.

We have used a simple piece of JavaScript, given only as an example. The script used is as follows.

<script>alert('freelearningtech')</script>

After entering this script, when you submit the form, the script runs.

When you view the page source, search for Hello there.

After that you will see that the script you entered has been added to the page and has run. This is how an XSS attack is done at Low security.

Medium Security XSS attack

When you run the same script from Low security at Medium security, it does not run. You are probably now wondering how to get it to run.

It will appear something like this. At Medium security you only have to do one simple thing. At Low security, the script <script>alert('freelearningtech')</script> runs when it is submitted.

At Medium security you just have to write the S of Script as a capital letter, like this:

<Script>alert('freelearningtech')</Script>

With the S of script capitalized, you will see that the script runs. This works at Medium security. Let us make one thing clear: these are given as examples.

How you get a script to run depends on your practice. This is how an XSS attack is done at Medium security.

High Security

Let us now show how you can get JavaScript to run at High security. At High security, JavaScript does not normally run. Here you have to change the script itself.

The script used here is as follows. Do all of this practical work only in DVWA.

<img src=1 onerror="alert('freelrearningtech')">

When you run the script this way at High security, the JavaScript runs. You can try this in DVWA.

What this script means: in HTML, img src is used to supply an image. Here, instead of an image, we have supplied a value.

Because that value does not load as an image, an error occurs, and when the error occurs the JavaScript in onerror runs. In this way you can run JavaScript at High security. Be sure to try all of this in practice. This is how an XSS attack is done at High security.

Impossible Security

This is also a security level, one where you have to work very hard to perform an XSS attack. It is covered here for the following reason.

DVWA provides this option so that you can see how a script behaves when you try to run it at the Impossible level.

After setting the level to Impossible, click View Source and you will see the difference, and why the script does not run at Impossible.

You can see that htmlspecialchars appears in the Impossible source. Because of it, the XSS attack does not work. Whenever a website has this coding, the XSS attack does not work.

When you run a script at Impossible security and then view the page source, you will see something like this. At Impossible, the script is detected.
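
The difference between the levels, as an added example (not DVWA's source code and not from the original post): two simplified stand-in filters for the Medium and High behaviour described above, next to the htmlspecialchars encoding used at Impossible. The function names and the regular expression are assumptions made for illustration; the three inputs are the ones used in this article.

```php
<?php
// Added example, not DVWA's source: simplified stand-ins for the filters
// the article describes, compared with output encoding.

// Stand-in for the Medium behaviour: strips only the exact lowercase tag.
function filter_exact(string $name): string {
    return str_replace('<script>', '', $name);
}

// Stand-in for the High behaviour: strips script tags in any letter case.
function filter_any_case(string $name): string {
    return preg_replace('/<\s*\/?\s*script[^>]*>/i', '', $name);
}

// Impossible: encode HTML metacharacters instead of guessing at bad input.
function encode_output(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// True if a raw opening tag survived, i.e. the browser would parse markup.
function has_raw_tag(string $html): bool {
    return preg_match('/<[a-z]/i', $html) === 1;
}

// The three inputs used in the article.
$inputs = [
    "<script>alert('freelearningtech')</script>",
    "<Script>alert('freelearningtech')</Script>",
    "<img src=1 onerror=\"alert('freelrearningtech')\">",
];

$handlers = [
    'exact-match blocklist' => 'filter_exact',
    'any-case blocklist'    => 'filter_any_case',
    'htmlspecialchars'      => 'encode_output',
];

// Print, for every handler and input, whether a tag is left in the output.
foreach ($handlers as $label => $fn) {
    foreach ($inputs as $input) {
        $out = $fn($input);
        printf("%-22s %-12s %s\n", $label,
            has_raw_tag($out) ? 'tag survives' : 'text only', $out);
    }
}
```

Each blocklist lets through the input it was not written for, while the encoded output contains no raw tag for any of the three, which is why the fix is to encode on output and not to extend the blocklist.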

The Conclusion

I hope you now understand the XSS attack practical. Perform this attack only in DVWA or bWAPP.

Never perform an XSS attack on a live website without permission, because doing so is illegal.

If you have any question about the XSS attack, you can ask in the comments.

Thank you

1 Comment

  1. Good post. I study one thing tougher on different blogs everyday. It should all the time be stimulating to learn content from different writers and practice slightly something from their store. I’d want to use some with the content material on my weblog whether you don’t mind. Naturally I’ll give you a hyperlink on your internet blog. Thanks for sharing.
