Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Web Penetration Testing with Kali Linux

You're reading from   Web Penetration Testing with Kali Linux Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

Arrow left icon
Product type Paperback
Published in Sep 2013
Publisher Packt
ISBN-13 9781782163169
Length 342 pages
Edition 1st Edition
Arrow right icon
Toc

Table of Contents (15) Chapters Close

Web Penetration Testing with Kali Linux
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
1. Penetration Testing and Setup FREE CHAPTER 2. Reconnaissance 3. Server-side Attacks 4. Client-side Attacks 5. Attacking Authentication 6. Web Attacks 7. Defensive Countermeasures 8. Penetration Test Executive Report Index

Testing cross-site scripting


Google has created the Gruyere project as a means to test web application exploits and defenses .The Gruyere project website has several vulnerabilities embedded into it, including XSS. You can run your own Gruyere project online, or you can download it to a local machine for your testing.

Once we were logged into our own instance of Gruyere, we were able to copy the previous string into the username input field and clicked the Submit button. The following screenshot shows the Gruyere home page with the CHAOS script displayed.

The string used in input field is as follows:

CHAOS<script>alert('www.DrChaos.com')</script>

Once we ran the XSS script in the username input field, we noticed some code was displayed on the website. At this point, we were able to generate a pop-up alert anytime the username was seen on the website.

In addition, http://xss.progphp.com/ is another popular site to test XSS attacks and scripts. You can take several scripts and input...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image