
Python Web Penetration Testing Cookbook by Dave Mound, Benjamin May, Andrew Mabbitt, Terry Ip, Cameron Buchanan


Header-based Cross-site scripting

Until now, we have focused on sending payloads through URLs and parameters, the two obvious methods of performing attacks. However, there are numerous rich and fertile sources of vulnerabilities that often lie untouched. One of these will be covered in depth in Chapter 6, Image Analysis and Manipulation, and we can introduce it now. Web servers and applications often log specific request headers sent by the users accessing their pages, and those logs are later rendered somewhere. It can therefore be a worthwhile activity to check these logs for reflected content by performing XSS attacks in headers.

We will be creating a script that submits XSS attack strings to all available headers and cycles through several possible XSS attacks. We will provide a short list of payloads, grab all the headers, ...
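The flip side of the recipe is the log viewer that renders those headers. The following is an added example, not code from the book: it parses constructed access-log lines (a hypothetical combined-log layout, assumed here), shows a row renderer that interpolates the raw Referer and User-Agent values next to one that HTML-escapes them, and flags header values that look like markup so a defender can spot probing in the logs.

```python
import html
import re

# Constructed sample access-log lines (not from the book). The last two
# quoted fields are the logged Referer and User-Agent request headers.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.html" 200 "http://example.test/" "Mozilla/5.0"',
    '10.0.0.9 - - "GET /login" 200 "-" "<script>alert(1)</script>"',
    '10.0.0.7 - - "GET /" 200 "javascript:alert(1)" "Mozilla/5.0 (X11)"',
]

# Assumed log layout: ip ident user "request" status "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

# Header values no legitimate browser sends: tags, javascript: URLs, on*= handlers.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z]|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

HEADER_FIELDS = ("referer", "user_agent")


def parse_log_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def render_row_unsafe(entry):
    """Vulnerable log-viewer row: header values land in the HTML untouched."""
    return "<tr><td>{ip}</td><td>{referer}</td><td>{user_agent}</td></tr>".format(**entry)


def render_row_safe(entry):
    """Hardened row: every logged value is escaped before it reaches the page."""
    cells = "".join(
        f"<td>{html.escape(entry[field], quote=True)}</td>"
        for field in ("ip",) + HEADER_FIELDS
    )
    return f"<tr>{cells}</tr>"


def flag_suspicious(lines):
    """Return (ip, field) pairs whose logged header value looks like markup."""
    hits = []
    for entry in filter(None, map(parse_log_line, lines)):
        for field in HEADER_FIELDS:
            if SUSPICIOUS.search(entry[field]):
                hits.append((entry["ip"], field))
    return hits
```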
