Locked Self-XSS - Self-XSS Attack

By itsMe
May 20, 2020 in Hacking Tools

Followers 0

Start new topic

Recommended Posts

itsMe

Posted May 20, 2020

- Share

Posted May 20, 2020

This is the hidden content, please

Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code

How it works?

Self-XSS is a social engineering attack used to gain control of victims' web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attack by blocking pasting javascript tag, I figure out a way of doing that using Bit.ly, so we can create a redirect pointing to "website.com/javascript:malicious_code". If the user is tricked to run the javascript code after "website.com/" the cookies of its authenticated/logged session of website.com will be sent to the attacker.

Features:

Port Forwarding using Ngrok and shortner using Bitly.com (Register for free)

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources
  
  By itsMe, April 22, 2023
  - cloud
  - attack
  - (and 7 more)
    
    Tagged with:
    
    cloud
    
    attack
    
    vectors:
    
    building
    
    effective
    
    cyber-defense
    
    strategies
    
    protect
    
    resources
  - 0 replies
  - 149 views
- Zed Attack Proxy Cookbook
  
  By itsMe, April 14, 2023
  - zed
  - attack
  - (and 2 more)
    
    Tagged with:
    
    zed
    
    attack
    
    proxy
    
    cookbook
  - 0 replies
  - 148 views
- Github Attack Toolkit: GitHub Self-Hosted Runner Enumeration and Attack Tool
  
  By itsMe, April 7, 2023
  - github
  - attack
  - (and 6 more)
    
    Tagged with:
    
    github
    
    attack
    
    toolkit:
    
    self-hosted
    
    runner
    
    enumeration
    
    and
    
    tool
  - 0 replies
  - 163 views
- Remote Desktop (RDP)- Brute Force Attack - And how to protect against this RPD brute force attack
  
  By dEEpEst, March 31, 2023
  - remote
  - desktop
  - (and 10 more)
    
    Tagged with:
    
    remote
    
    desktop
    
    (rdp)-
    
    brute
    
    force
    
    attack
    
    and
    
    how
    
    protect
    
    against
    
    this
    
    rpd
  - 0 replies
  - 200 views
- bhash - bHash is a simple hash cracking tool and and NTLM attack dictionary converter
  
  By itsMe, March 6, 2023
  - dictionary
  - attack
  - (and 8 more)
    
    Tagged with:
    
    dictionary
    
    attack
    
    ntlm
    
    and
    
    tool
    
    cracking
    
    hash
    
    simple
    
    bhash
    
    converter
  - 0 replies
  - 157 views

Sign In

Locked Self-XSS - Self-XSS Attack

Recommended Posts

itsMe

Link to comment

Share on other sites

Similar Content

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Zed Attack Proxy Cookbook

Github Attack Toolkit: GitHub Self-Hosted Runner Enumeration and Attack Tool

Remote Desktop (RDP)- Brute Force Attack - And how to protect against this RPD brute force attack

bhash - bHash is a simple hash cracking tool and and NTLM attack dictionary converter

Browse

Activity

Store

Important Information