A Deep Dive Into Cross-Site Scripting and Its Significance

Website security practices have been overhauled over the past few years, largely because malicious tooling is now easy to obtain. From DDoS attacks to remote code execution, a full-fledged web application security program must cover the standout culprits, and cross-site scripting is one of them. Although the attack executes on the client side in most cases, it can be delivered remotely and works against even the most carefully secured platforms.

What is Cross-Site Scripting?

Cross-site scripting, abbreviated XSS, is a client-side code injection attack. The attacker's aim is to run harmful scripts in the victim's web browser by embedding malicious code in an otherwise ordinary web page or web application. The attack itself occurs when the victim visits the page or application carrying the injected code: the page or application serves as the vehicle that delivers the malicious script to the user's browser.

The primary goal of this attack is to steal the victim's identifying data: cookies, session tokens, and other sensitive information. In most cases the technique is used to steal the victim's cookies. Cookies are what let a site log you in automatically, so an attacker holding stolen cookies can log in under the victim's identity. That is one reason this attack is regarded as one of the most dangerous. It can be carried out using a variety of client-side programming languages.

Now that you have a general idea of cross-site scripting attacks, the next section explains how these attacks work and their general flow.

Working of Cross-Site Scripting

Typically, a user interacts with a website as shown in the figure below.

[Figure: working of cross-site scripting]

  1. The user enters the website URL in the web browser.
  2. The browser requests the relevant information from the server hosting the website.
  3. The server sends the data back to the web browser, where the user can view it.

When an attacker injects code into a web page, usually by exploiting a weakness in the website's software, that script is run by the victim's browser. Because the browser is connected to both the server and the end user, the attacker can target either one.

Another common form of cross-site scripting attack arises when the vulnerability is present on most of a website's publicly accessible pages. In that situation, attackers can inject code that targets the website's users by inserting their own advertisements, phishing prompts, or other harmful content.

With the working of XSS attacks covered, you will now go over the different types of XSS attacks employed by attackers.

Categories of Attacks

[Figure: categories of cross-site scripting attacks]

  • Reflected: In this scenario, the attacker's payload must be part of the request submitted to the web server, which reflects it back in the response. Attackers use malicious URLs, phishing scams, and other social engineering tactics to trick the victim into sending that request to the server.
  • Persistent: An attacker uses persistent (stored) XSS to inject malicious content (the payload), most commonly JavaScript, into the vulnerable application. If there is no input validation, the target application saves (persists) the malicious code permanently, for example in a database, and serves it to every user who later views the affected page.
  • DOM-Based: This attack occurs when a web application's client-side script writes user-supplied data into the DOM without sanitizing it. The script reads the data (for example from the URL), inserts it into the page, and the browser executes the payload when it processes the modified DOM.

While there are multiple variants of these XSS attacks, security professionals recommend several preventive measures to combat them. Here are some of those measures.

Preventive Measures

[Figure: cross-site scripting prevention]

  • Third-Party Frameworks: You can analyze your web app for cross-site scripting and other serious vulnerabilities using automated security suites such as Crashtest and Acunetix before each release.
  • Sanitizing Code: Sanitizing user input removes potentially executable characters from the data, or converts unwanted input into a harmless form, so that the data received cannot be interpreted as executable code.
  • Escape Rules: Rather than trying to establish whether a given piece of data is user-provided and therefore potentially compromised, take the cautious route and escape data on output regardless of whether it is user-provided.
  • Encoding JavaScript: Because the context you are writing into (HTML body, attribute, JavaScript, URL) determines which encoding is needed, perform the encoding immediately before writing user-controllable data to the page.
  • Implementing CSP: A Content Security Policy (CSP) specifies which scripts and other resources a page is permitted to load and run. This may be the most robust option available to you, because a strict policy can block XSS attacks outright or considerably reduce their likelihood of success.
  • Using the HttpOnly Flag: If a browser that supports HttpOnly encounters a cookie carrying the HttpOnly flag and client-side script tries to read it, the browser returns an empty string. This prevents malicious (typically XSS) code from delivering the cookie to the attacker's website, causing the attack to fail.
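The following is an added example, not code from the original tutorial or from the XSS Game: a framework-free Node.js page builder that applies three of the measures above at once (output escaping for HTML and URL contexts, a Content-Security-Policy header, and an HttpOnly session cookie). The function names, the page markup and the policy string are assumptions made for this example.

```javascript
// Added example, not from the original tutorial: a framework-free Node.js
// page builder applying output escaping, a CSP header and an HttpOnly
// session cookie. Function names, the markup and the policy are ours.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Escape data for HTML element-body and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// URL context for href: accept only http(s) (relative URLs resolve against an
// https base here), so javascript: and data: schemes become a harmless "#".
function safeHref(url) {
  try {
    const proto = new URL(String(url), 'https://example.invalid/').protocol;
    return proto === 'http:' || proto === 'https:' ? String(url) : '#';
  } catch (e) {
    return '#';
  }
}

// Builds the "no results" page body plus the response headers.
function buildResponse({ query, next, sessionId }) {
  const body = [
    '<!doctype html><html><body>',
    `<p>Sorry, no results were found for <b>${escapeHtml(query)}</b>.</p>`,
    `<a href="${escapeHtml(safeHref(next))}">Next</a>`,
    '</body></html>',
  ].join('\n');
  const headers = {
    'Content-Type': 'text/html; charset=utf-8',
    // No inline script and no script from other origins: an injected
    // <script> or onerror= handler is refused even if escaping is missed.
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    // HttpOnly hides the cookie from document.cookie; Secure and SameSite
    // limit where the browser sends it.
    'Set-Cookie': `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
  return { status: 200, headers, body };
}
```

To serve it, pass the parsed query parameters to buildResponse from an http.createServer handler and write headers and body with res.writeHead and res.end; a real site must also load its own scripts from its origin for this CSP to work.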

With so many new concepts in this tutorial, a live demonstration of how XSS attacks work will be helpful. The next section walks through a set of XSS challenges.

Demonstration of Cross-Site Scripting Attacks

You will solve a set of challenges covering multiple levels of XSS attacks. There are six levels in total. The challenges are hosted on the XSS Game website.

[Figure: XSS Game introduction]

Level 1:

In this challenge, user input is inserted into the page without adequate escaping. You need to interact with the vulnerable application to make it run JavaScript; for example, you may change the URL in the vulnerable window's address bar or perform actions within the page.

Because this is a non-persistent XSS vulnerability, you must perform a reflected XSS attack against the web application, and the payload must be carried in the URL to succeed.

Payload: <script>alert('Level 1 Complete')</script>

[Figure: Level 1 demonstration]

Level 2:

Any text you submit appears inside a blockquote in the page source. So the same <script> tag from Level 1 should work here, but it doesn't. The page adds the generated HTML fragment to the message using innerHTML, and the browser does not execute <script> tags it finds while parsing an innerHTML fragment (the html variable in the page's code).

The solution is to use event handlers, which execute the supplied JavaScript snippet even when the element is inserted via innerHTML.

Payload: <img src=X onerror="alert('Level 2 Complete')">

[Figure: Level 2 demonstration]

The injection above tries to load an image that does not exist, which fires the onerror event, and the onerror handler runs our alert function.

Level 3:

When a tab is clicked, the URL fragment holds the tab number; the value after the # governs the page's behaviour, so it is an input. You therefore only need a payload that alters the generated <img> tag so that it runs JavaScript. Here you reuse the existing image element and change its src to something that doesn't exist, so that the browser fires an onerror event whose handler is supplied through the URL.

Payload: xxs.jpg' onerror='alert("Level 3 done")'/>

[Figure: Level 3 demonstration]

Level 4:

The page has a timer: entering a number in the box starts a countdown, and when it ends the program notifies you. The value supplied in the text box is sent to the server through the timer URL parameter.

In the onload event of timer.html, the startTimer() function is invoked, and the timer argument is passed straight into startTimer() without any filtering. The goal is to make the page pop an alert() by breaking out of the string passed to startTimer() without breaking the surrounding JavaScript. Because the value is not filtered, you can splice an alert() call in next to the startTimer() call inside the onload handler.

Payload: ');alert('Level 4 Complete

[Figure: Level 4 demonstration]
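Level 4 illustrates why HTML escaping alone is not enough when data lands inside a JavaScript string literal. The block below is an added example, not code from the tutorial or the XSS Game: it models the page's onload shape in a vulnerable and a hardened form, and a small stand-in for the browser records which calls the handler makes. The function names are assumptions made for this example.

```javascript
// Added example, not from the original tutorial. It models the Level 4
// page shape: a user-controlled timer value is spliced into startTimer('...')
// inside the body onload handler. Function names are ours.

// JavaScript string-literal context: encode every character outside
// [A-Za-z0-9] as \uXXXX, so a quote can never close the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The vulnerable shape: the raw value is dropped into the string literal,
// so a value containing ');  ends the call and starts a new statement.
function onloadVulnerable(timer) {
  return `startTimer('${timer}');`;
}

// Hardened: the value is encoded for the JS string context first. The result
// contains only letters, digits and \uXXXX sequences, so the HTML-attribute
// escaping applied when it is written into onload="..." changes nothing.
function onloadHardened(timer) {
  return `startTimer('${escapeJsString(timer)}');`;
}

// Stand-in for the browser firing the onload handler: records every call the
// handler makes. Anything besides a single startTimer call is a breakout.
function simulateOnload(handlerJs) {
  const calls = [];
  const startTimer = (v) => calls.push(['startTimer', v]);
  const alert = (m) => calls.push(['alert', m]);
  new Function('startTimer', 'alert', handlerJs)(startTimer, alert);
  return calls;
}
```

With the Level 4 payload, the vulnerable handler records an alert call, while the hardened one records a single startTimer call whose argument is the untouched payload text.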

Level 5:

Inspect the page source: the href attribute of the "Next" link is "confirm", which matches the next URL query parameter. Through the next query parameter you can therefore place JavaScript code in the href of the "Next" link, and the script runs when the user clicks the link.

Payload: javascript:alert('Level 5 Complete')

[Figure: Level 5 demonstration]

Level 6:

The flaw is in the code that handles the value following the # in the URL. Line 45 takes that value as the gadget name, and in line 48 it is passed directly to the includeGadget() function.

The includeGadget() function creates a <script> tag (line 18) and uses its URL argument (gadgetName) as the src attribute of that script tag (line 28). So you have full control over the source of the script element.

Payload: https://xss-game.appspot.com/level6/frame#data:application/javascript,alert('Level 6 complete')

[Figure: Level 6 demonstration]

With that, you have completed all six levels of the XSS challenge.

Conclusion

In this tutorial, you learned how cross-site scripting preys on website vulnerabilities, its various categories, and some preventive measures that help administrators protect their server software from being exploited. However, defending against cross-site scripting is a single task in the ocean of skills an ethical hacker must master.

Simplilearn offers a Post Graduate Program in Cyber Security that covers all the areas new and experienced ethical hackers alike need to learn. It covers topics like network sniffing, enumeration, and vulnerability analysis to prepare students for interviews and future corporate jobs. The IT industry is clamoring for competent cybersecurity personnel, so now is the time to start learning about ethical hacking.

Do you have any questions about cross-site scripting attacks? Please leave your ideas and questions in the comments section below, and we will respond to them with solutions.

About the Author

Simplilearn

Simplilearn is one of the world’s leading providers of online training for Digital Marketing, Cloud Computing, Project Management, Data Science, IT, Software Development, and many other emerging technologies.
