The Beginner's Guide to Blind XSS (Cross-Site Scripting)

35,795 views

NahamSec

8 months ago

🚩 Sign up for Snyk's CTF 👉🏼 snyk.co/nahamsecctf
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
XSS Hunter:
github.com/mandatoryprogramme...
Trufflehog XSS Hunter
xsshunter.trufflesecurity.com/
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

Comments: 101
@wamboowamboo2341 6 months ago
It's great that you record such materials, I haven't watched everything yet, but you do a great job!
@NareshKommuri 8 months ago
This is really great to watch. I'm sure this will be beneficial for so many out there on the bug bounty path!! Looking forward to more videos like this. Cheers!!
@williamperry2074 8 months ago
Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this are much appreciated.
@inventdev9160 6 months ago
Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.
@loneliestwolf4228 8 months ago
Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!
@ray1472 7 months ago
Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.
@brs2379 8 months ago
Love this kind of video, please keep doing these videos where you go through your thought process step by step
@NahamSec 8 months ago
Thank you! Will do!
@charlymarchiaro 8 months ago
Excellent, really good stuff. Please make more videos like this!
@mianashhad9802 8 months ago
Love these beginner-centric videos. I am still waiting for the JavaScript for hackers one :)
@M1L2F6 8 months ago
This is awesome! I like how you don't rehash the basics everyone is trying to teach.
@mahnooraltaf8525 2 months ago
Thanks for uploading this video, really helpful ❤
@The_Dark_Cats 8 months ago
More like this please! Great information.
@moneymac1114 4 months ago
Wow. Lemme subscribe right now! Great explanation
@thamsanqangubane6411 7 months ago
Please do more of this type of videos for us to get the practical understanding of bug bounty....
@GoliTech 8 months ago
Hi Nahamsec, thanks for your priceless information. Could u pls tell us what we will get if we join the channel as well? Is there any extra content?
@javascriptalert136 8 months ago
Hey @NahamSec great video as always. You should also make a video for XSS Hunter set-up, like how to host it on a server etc.
@gokulsudhakar2203 8 months ago
Brilliant stuff!
@zTech300 8 months ago
Great video, more content like this please.
@perspectiveafz4629 7 months ago
Wow, great information. ❤
@mahnooraltaf8525 2 months ago
Please make more detailed videos on XSS and payload creation
@ysxninja 8 months ago
beautiful stuff
@egryan1 8 months ago
Does the program usually require you to tell them where you injected the payload, i.e. in the address field or additional comment box? If so, how do you keep track of that?
@this_name_is_not_available6923 8 months ago
Is it advisable to “spray and pray” the blind xss payload in headers?
@rajeshranjan7034 8 months ago
Thank you, Ben
@user-xr7ss9sc1x 6 months ago
Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that it's executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?
@ibrahimmuhammad4194 8 months ago
Nice one!
@sushantsahani4185 8 months ago
Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site
@i_am_dumb1070 8 months ago
Cfbr
@darkmix4192 3 months ago
Using xss_vibes, xsstrike tool to bypass WAF.
@TheAwillz 2 months ago
Yeah I second this please. I’m a noob and keep making stupid syntax mistakes (amongst larger ones) would be really helpful if possible please mate
@root3038 8 months ago
I saw that in the input area most of them are sanitized based on HTML entities. Is there any other option to bypass the sanitization?
@baravind719 8 months ago
I have a query that if I use trufflesecurity then can I customise it like your payload?
@alizareii8307 8 months ago
You are great, well done!
@nafizimtiaz9367 8 months ago
Useful Video as always. Hope to meet you someday at some LHE
@NahamSec 8 months ago
🤞🏽🤞🏽🤞🏽
@loneliestwolf4228 8 months ago
Looking forward to a live hacking stream by you !!!!
@howtodefeatgangstalking 8 months ago
Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?
@mohammadrezaabbasi4841 8 months ago
Hey, thanks for this awesome content :)) Your flag is flying high
@NahamSec 8 months ago
🇮🇷
@mohammadrezaabbasi4841 8 months ago
@NahamSec 🇮🇷🇮🇷🇮🇷🇮🇷
@mr.researcher1525 8 months ago
More...walkthrough. ❤️
@aniketakhade4452 8 months ago
Do you use any encodings here?
@The_ancestor_of_Mars_humans 8 months ago
Make a video on what your way is to bypass filters and get your payload to work
@krishnajoshi8643 6 months ago
I watched your video. I had completed CEH, and after CEH v11 can I go for CTF or need anything else?
@shohaghasan5641 4 months ago
A large WOW!
@jeremyg737 8 months ago
At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?
@songoku-wy8cf 3 months ago
I think, it's kinda security mechanism which kept in place to avoid xss. So, whenever any closing tag appears, it encodes it. So that no full tag will appear...even If you use img, script tag, closing bracket alone will be encoded by making our payload doesn't work
@themynamesb 7 months ago
@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.
@steiner254 8 months ago
Awesome
@Ajay-kz6zw 8 months ago
Make video about how to setup xss hunter🙏
@MarkFoudy 8 months ago
thank you
@sherminmehdi8748 7 months ago
Thank U bro🎉🎉🎉🎉❤
@user-ot4gm6qf2d 7 months ago
what to do when the input field cuts off all signs
@lovefacts1555 8 months ago
for input we can add attributes like (onload) e.g: '" onload="JS_here"/>
@pichik1836 8 months ago
any good event with import for that input tag
@free_user 8 months ago
Best one explain "how to hack". Thank you so much
@NahamSec 8 months ago
Enjoy!!
@blackshell4286 8 months ago
I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco
@Ajay-kz6zw 8 months ago
Which tool use for blind xss? Truffles xsshunter is safe?
@AAA-rk2fj 7 months ago
thanks naham
@discopernicus 7 months ago
How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it
@shaikshainsha8948 8 months ago
I can keep onclick=alert(1) ..so when ever click it pops up
@debugdebug-t6i 10 hours ago
Great
@KamalUddin-ih1vs 7 months ago
Hello sir, where do I get those websites for playing with XSS, blind XSS, stored XSS, CSRF, SSRF and so much more? I am playing with Metasploitable but it's old. Can you suggest a website? 😢
@socalledhacker 8 months ago
This is something new to my knowledge. thnx bro...///
@Aks-jc3bq 8 months ago
Sir, I am new to this field, please guide me on how to start from scratch 🙏
@Mohamad-xb1pv 8 months ago
Hello, what is written on your hat and where did you buy it? It is very beautiful
@NahamSec 8 months ago
I made it. It says Tehran
@Prem-Madhani 8 months ago
Please Make this type of contents
@aligoodluck7064 8 months ago
I like your hat, what's the Arabic word's meaning?
@dprzxc 8 months ago
Tehran on the hat =))
@jaypanchal9748 8 months ago
make more content like this
@Gourav_mujalde 8 months ago
Please improve audio quality 🙏
@TungAnhNguyen-vr8pr 8 months ago
Can you help me?
@gAMANtheBihar 8 months ago
Hiiie ben hope u doin well…love ya brother 🫡🤗🤗
@NahamSec 8 months ago
❤️🥰
@hxmo656 8 months ago
Could we also use Burp Collab
@NahamSec 8 months ago
No, burp collab doesn't allow you to serve JS. You need to either use a tool or create your own
@LALPRO_ 8 months ago
@NahamSec sir, I have Hostinger hosting but I don't know how to host this. Can you make a full video on hosting BXSS?
@geniusskills6151 8 months ago
Audio is always low why ?
@NahamSec 8 months ago
I'm not seeing any issues. Can you tell me what you are watching this on?
@lowkey_ssh 8 months ago
@NahamSec yup, it's always lower than other normal videos..
@LALPRO_ 8 months ago
@NahamSec voice is good
@this_name_is_not_available6923 8 months ago
Damn 50k a day. That is someone’s average annual income already
@papafhill9126 8 months ago
For 18:24, I'd guess using something like: input type=image src=something.png onload=alert(1) Or input autofocus onfocus=alert(1) Not sure those are right, but that's my guess.
@NahamSec 8 months ago
autofocus onfocus should be the right answer, but it may need some playing around.
@AzScep00 8 months ago
First comment hehe
@NahamSec 8 months ago
Almost!
@gAMANtheBihar 8 months ago
I was first hihi😊😊
@imamulhuda6202 8 months ago
Make the audio louder please ☹️
@Andrei-ds8qv 8 months ago
The CTF's first challenge is to manage to register and invite your friends
@faez322 5 months ago
nice cap :D
@j0hnny_R3db34rd 8 months ago
Welcome to 20 years ago.
@khanmamun52 8 months ago
This content for beginner🙄🙄
@grassy-p12 8 months ago
onmouseover could be best;