illustration for Web Security Essentials: MITM, CSRF, and XSS

Course

Web Security Essentials: MITM, CSRF, and XSS

1
Course Overview: Web Security Essentials
4m 17s
2
Simulate Man in the Middle Attacks and Inspect Network Traffic with Charles Proxy
3m 1s
3
Add https to a Localhost Express App to Prevent MITM Attacks
2m 33s
4
Redirect All HTTP Traffic to HTTPS in Express to Ensure All Responses are Secure
2m 19s
5
Set the Secure Cookie Flag to Ensure Cookies are Only Sent Over Secure Connections
1m 35s
6
Add HSTS Headers to Express Apps to Ensure All Requests are https Requests
4m 15s
7
Create a Proof of Concept Exploit of a CSRF Vulnerable Website
4m 1s
8
Mitigate CSRF Attacks by Setting the SameSite Cookie Flag in Express
2m 46s
9
Add CSRF Token Middleware to an Express Server to Mitigate CSRF
6m 12s
10
Make an XSS Payload to Read a Cookie from a Vulnerable Website
3m 50s
11
Set the httpOnly Cookie Flag in Express to Ensure Cookies are Inaccessible from JavaScript
1m 27s
12
Make an XSS Payload to Read document.body from a Vulnerable Website
53s
13
Prevent Inline Script Execution by Implementing Script-Src CSP Headers in Express
5m 30s
14
Read Document Content from a Vulnerable Website via Script Tag Injection in an XSS Payload
1m 11s
15
Add a Nonce Based script-src Header in Express to Only Allow Scripts that Match the Nonce
3m 7s
16
Prompt Users for Credentials from a Vulnerable Website via iframe Injection
1m 36s
17
Add a default-src CSP Header in Express to Enforce an Allowlist and Mitigate XSS
2m 15s

Make an XSS Payload to Read a Cookie from a Vulnerable Website

Mike Sherov

InstructorMike Sherov

Share this video with your friends

In this lesson, we'll learn how to exploit an XSS vulnerability to read the contents of a cookie from our vulnerable website. We'll also make an endpoint on our attacker website to receive and log the cookie we've stolen. This payload will be used and modified in the following lessons to validate vulnerabilities and to verify their mitigation.

Justyn Nelson

~ 4 years ago

I don’t understand this example, cant you just look at the session cookie through the browser just as easily?

Mike Sherov(instructor)

~ 4 years ago

Hi Justyn2,

Yes, you as the user can look at their own session cookie through the browser, which allows them to authenticate themselves. However, when an attacker performs an xss attack, it allows them to see other people's session cookies, which allows the attacker to authenticate themselves as other people! The XSS is persisted so that when other people log into the site, they execute the attackers code, sending their own session cookie to the attackers servers.

Hope this helps!