DEV Community

Discussion on: How hackers steal your keys and secrets

 
brendan8c profile image
Artem

Hi )
I connected everything to protection.
How can I validate the form?
I want to check whether my protection is working or not.
If I paste this into the alert (document.cookie) form it will be sent to my mail. I will not see any JavaScrip code displayed.
I need a method to test my XSS protection.
In other words, what I need to do is to make an XSS attack on my form so that I can see if my defense has worked or not.
I hope I have explained it clearly.
I am sorry my English is bad.

Thread Thread
 
omerxx profile image
Omer Hamerman

Hi,

Like I mentioned earlier, you probably want to learn the basics on your own and then validate your protection by "attacking" your own page. Here's a great video with explanations on different techniques. The guy has also a practice area where you can practice what you've learned: youtube.com/watch?v=EoaDgUgS6QA

When you protect something, be aware of what it is you are protecting from. "XSS" is a wide range of techniques that can abuse pages. If you protect from a certain technique - e.g. HTML tags, try exploiting your own form with something like <img src/onerror=alert(1)>.
Here's another cheatsheet by Portswigger where you can see an endless list of methods: portswigger.net/web-security/cross...