In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
This article mainly analyzes the relevant knowledge points of how to carry out get detection in BruteXSS, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor and learn more about "how to detect get in BruteXSS".
BruteXSS introduction:
BruteXSS is a very powerful and fast cross-site scripting violence injection. It is used to violently inject a parameter. The BruteXSS is vulnerable to XSS vulnerabilities by loading multiple payloads from the specified thesaurus for injection and using the specified payloads and scans to check these parameters. Thanks to the very powerful scanning function. When performing a task, BruteXSS is very accurate and rarely misses. BruteXSS supports POST and GET requests, adapting to modern Web applications
Download address:
Https://github.com/ym2011/penetration/tree/master/BruteXSS
Experimental environment:
Python 2.7
Raspberry pie + apache2
Ip:192.168.99.147
The steps of the experiment:
Under the www directory, create a test page with xss vulnerabilities: xssdemo.php
The effect of access test is shown in the figure.
2. Use BruteXSS to test the PARAM parameters in this page.
1) run the tool:
Python brutexss.py
2) Select the parameter request method: get is used here.
3) enter url: http://192.168.99.147/xssdemo.php?PARAM=
4) Select a dictionary file: wordlist-small.txt is used here
The test process and results are shown below
This article mainly analyzes the relevant knowledge points of how to carry out get detection in BruteXSS, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor and learn more about "how to detect get in BruteXSS".
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.