Cross-Site Scripting (XSS) Explained

#XSS #WebSecurity

This time we explore the world of Cross-Site Scripting in under 12 minutes.

🔗 Links

🎵 Track: Warriyo - Mortals (feat. Laura Brehm)
Comments
Author

This has truly been a lifesaver. My college professor told us to research this for a paper and gave us no source material whatsoever. Everywhere I look, the explanations are so technically written that it goes right over my head with my limited knowledge. (Usually, if I have to look up 3 terms before I finish the first paragraph, I'm out)
Thank you much for describing this in detail without weighing it down with an excess of unnecessary jargon and high-level concepts.

darylann
Author

00:50 SOP: the browser checks, blocks read and write
02:10 JS, access, DOM API, JavaScript injection technique
03:21 basic classic example
05:35 reflected
05:54 stored
07:31 DOM XSS

domaincontroller
Author

dwangoAC of the custom Twitch chat XSS segment - thanks for including it! We had difficulty classifying it as well, and the realtime nature made it hard to say if it was truly stored XSS or not. The volunteer who wrote it learned valuable lessons that day.

dwangoAC
Author

I read so many explanations about XSS recently and yours is by far the best. Keep up the great work!

LikeThizzz
Author

This lesson was well done my dude! It was great, lots of specifics but not so complicated that everything flew right over my head. Thank you!

CunningAndGuile
Author

I gotta say bro, your content is helping me out a fugh-ton. I've been brushing up on my security since I've been interviewing for a few months and realized my understanding of some sec principles wasn't complete or in some cases simpler than I had originally thought. Thanks!

hahahabit
Author

I do not leave comments often but... my dude, holy crap, this was great. Thank you. Much more in depth and easy to understand compared to Professor Messer. Loved the visuals. Keep it up.

jhnsb
Author

Absolutely loved this video! The intro video, your style of talking, those amazing blue and pink (I guess they are called pastel colors?) colors. It was really fun to watch this video and get a general knowledge about XSS. Keep this up, buddy! Definitely a sub from me!

art_of_bayar
Author

Dude! Your vids are amazing. Very technical, which is great, and your graphical explanations leave no room for guessing! Love it! Keep these going!

kevin_brown_dc
Author

Been struggling to wrap my head around what XSS was exactly for a while, and this cleared up a lot of things. Thank you. :)

Wolfennar
Author

Random tidbit: I had a phone interview with the guy who coined the term "XSS" (allegedly), he was absolutely obnoxious and made sure to let me know he came up with that term every 5 minutes.

HappyGlmre
Author

You're the best online teacher that I ever had! Keep uploading more vulnerabilities pls, tomorrow I will try some XSS challenges on your website. Thank you for all your hard work!

ricardoprieto
Author

The day has come
I finally got an xkcd reference :)

eduardoantunes
Author

The fact that you didn't edit out the differentiation thingy just earned you a subscribe <3 Awesome content!

yoramswiers
Author

This is the first video I've watched of yours and I already love how you approach the overarching concept!

brinklebros
Author

What you do for the community is awesome, man. Thanks for the game and the great videos.

dondoukhan
Author

Hey man, good to see you after a long time. Plan some frequent uploads.

ignitor
Author

Correction on the same-origin policy: you can "write" or "send" regardless of origin, but the browser will hold onto any response that is coming from an untrusted origin.

This is the reason CSRF is not prevented by SOP.

This isn't hate mail btw, I love your videos and you've helped me a ton in the past.

P.S. glad to see you're back!<3

Hope-kfnl
Author

Very helpful. I keep learning, understanding, and then forgetting XSS. This time it stuck with me 👍

frederickmwangi
Author

In my view, the biggest fundamental flaw of the same-origin policy is the fact that it is purely a client-side implementation.

Case in point: fork Chrome, turn the flag off, and you have a CORS-less browser. Why you'd want that when it would be a detriment to your own good is another question. But you can do it. You don't even need to change the code. As far as I know, there still exists a flag you can pass when launching Chrome (and other browsers) to turn it off.

And now we have "Local Overrides" in Chrome's dev tools. This is a wonderful tool that has helped me debug a number of issues in production, but it is also a wonderful asset for performing XSS attacks on sites you shouldn't have authority over.

It's also possible to manipulate the perception of who you're communicating with by modifying your local hosts file. Add break points to another site's scripts, pause execution at important points, retarget your domain to a local server you're serving assets from, revert hosts file, resume execution as desired.

I'm sure there are a number of brighter people than me here who have even better examples of how easy it is to circumvent the minimal protection that is there, so it leaves me wondering why we have an entire ecosystem of technology built around such shaky ground.

It seems to me that we should have implemented better security mechanisms for these sorts of things at the actual protocol level. In the same way in which we introduced WebSockets by "upgrading" connections, it feels like more should be done in this area to mitigate the weak protection client-side CORS policies provide.

SikoSoft