From BruCON 2015

As a pentester, have you ever wanted your XSS proof of concepts to go beyond alert('XSS')? What if you could show demos of hijacking form submissions, modifying entire page layouts, and exfiltrating data from the vulnerable application? This workshop is designed to teach you EXACTLY that!

In the course of 4 hours, we will look at the basics of JavaScript and use 20+ Challenges to take on the most common scenarios of XSS post-exploitation. You will actually be amazed at how easy it is to create compelling demos by reusing certain essential code snippets which we will create together in class!

The Challenges will include Stealing Cookies, Social Engineering and Phishing, Modifying HTML, Adding and Removing HTML Elements, Hijacking Form Submits, Hijacking Mouse Clicks, Hijacking Links and Keystroke Logging, among others.