The Beginner's Guide to Blind XSS (Cross-Site Scripting)
Рет қаралды 34,012
7 ай бұрын🚩Signup for Snyk's CTF 👉🏼 snyk.co/nahamsecctf
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
XSS Hunter:
github.com/mandatoryprogramme...
Trufflehog XSS Hunter
xsshunter.trufflesecurity.com/
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
@wamboowamboo2341 5 ай бұрын
It's great that you record such materials, I haven't watched everything yet, but you do a great job!
@NareshKommuri 6 ай бұрын
This is really great to watch. I'm sure this will be beneficial for so many out there on the bugbounty path!! Looking forward for more videos like this. Cheers!!
@williamperry2074 7 ай бұрын
Great video, presentation was excellent. I enjoy learning these techniques since I am new to the game. More videos like this is much appreciated.
@inventdev9160 5 ай бұрын
Excellent tutorial! As a newbie to this BB world, this is the kind of video I am looking for.
@ray1472 6 ай бұрын
Loved the video, helped me so much to be honest. Plz keep up the step by steps they help a lot.
@loneliestwolf4228 7 ай бұрын
Wow !!! great explanation about XSS........THANK YOU VERY MUCH BEN !!!
@brs2379 7 ай бұрын
Love this kind of video, please keep doing these videos where you go through your thought process step by step
@NahamSec 7 ай бұрын
Thank you! Will do!
@charlymarchiaro 7 ай бұрын
Excellent, really good stuff. Please make more videos like this!
@mianashhad9802 6 ай бұрын
Love these beginner-centric videos. I am still waiting for the JavaScript for hackers one :)
@M1L2F6 7 ай бұрын
This is awesome! I like how you don't rehash the basics everyone is trying to teach.
@mahnooraltaf8525 Ай бұрын
Thanka for uploading this video really helpful ❤
@thamsanqangubane6411 5 ай бұрын
Please do more if this type of videos for us to get the practical understanding of bug bounty....
@The_Dark_Cats 6 ай бұрын
More like this please! Great information.
@GoliTech 7 ай бұрын
Hi Nahamsec, thanks for your priceless inforamtion. could u pls tell us what will we get if we join to the channel as well? is there any extra content?
@moneymac1114 2 ай бұрын
Wow. Lemme subscribe right now! Great explanation
@javascriptalert136 7 ай бұрын
Hey @NahamSec great video as always. I you should also make a video for XSS hunder set-up. like how to host it on server etc.
@mahnooraltaf8525 Ай бұрын
Please make more detail videos on XSS and payload creation
@zTech300 7 ай бұрын
Great video, more content like this please.
@egryan1 7 ай бұрын
Does the program usually require you tell them where you injected the payload i.e like in the address field or additional comment box if so how do you keep track of that.
@gokulsudhakar2203 7 ай бұрын
Brilliant stuff!
@user-xr7ss9sc1x 5 ай бұрын
Great Video! I take it you could do the same with SSRF by inputting a burp collab link within the tag and if it fires with HTTP / DNS responses it can be assumed that its executing. For this, could you use the Proof of Concept that Blind XSS would be present since the collaborator access link would be executed?
@perspectiveafz4629 6 ай бұрын
Wow , great information. ❤
@nafizimtiaz9367 7 ай бұрын
Useful Video as always. Hope to meet you someday at some LHE
@NahamSec 7 ай бұрын
🤞🏽🤞🏽🤞🏽
@this_name_is_not_available6923 7 ай бұрын
Is it advisable to “spray and pray” the blind xss payload in headers?
@baravind719 7 ай бұрын
I have a query that if I use trufflesecurity then can I customise it like your payload?
@ysxninja 7 ай бұрын
beautiful stuff
@aniketakhade4452 7 ай бұрын
Do you use any encodings here?
@krishnajoshi8643 4 ай бұрын
i watched your video..i had completed CEH and after CEH v11 can i go for CTF or need anything else ?
@blackshell4286 7 ай бұрын
I liked what was written on your hat. I would like to ask a question: I create websites by purchasing a theme and modifying it. Do the topics take into account the issue of structured code from inputs such as sql, xss, etc.? If not, what should I do to make the client's site more secure? Greetings to you from Morocco
@loneliestwolf4228 7 ай бұрын
Looking forward for live hacking stream by you !!!!
@root3038 7 ай бұрын
I saw in input area most of them is sanitzi based on html entity the any other option to bypass the sanitazi
@rajeshranjan7034 7 ай бұрын
Thankyou Ben
@ibrahimmuhammad4194 7 ай бұрын
Nice one!
@mr.researcher1525 7 ай бұрын
More...walkthrough. ❤️
@jeremyg737 7 ай бұрын
At 17:57 how did the opening angle bracket of the payload not get encoded when the closing angle bracket before it did?
@songoku-wy8cf 2 ай бұрын
I think, it's kinda security mechanism which kept in place to avoid xss. So, whenever any closing tag appears, it encodes it. So that no full tag will appear...even If you use img, script tag, closing bracket alone will be encoded by making our payload doesn't work
@mohammadrezaabbasi4841 7 ай бұрын
Hey, Thanks for these awesome contents :))پرچمت بالاس
@NahamSec 7 ай бұрын
🇮🇷
@mohammadrezaabbasi4841 7 ай бұрын
🇮🇷🇮🇷🇮🇷🇮🇷@@NahamSec
@Ajay-kz6zw 6 ай бұрын
Which tool use for blind xss? Truffles xsshunter is safe?
@themynamesb 6 ай бұрын
@nahamsec can you plz shr the custom script that you wrote (modification of the xsshunter script). It is nice and light weight.
@howtodefeatgangstalking 6 ай бұрын
Could you make a video doing XSS against a WordPress web-site and show different ways one could learn how to exploit XSS in WordPress websites and plugins?
@pichik1836 7 ай бұрын
any good event with import for that input tag
@discopernicus 6 ай бұрын
How easy is it to remove this xss script if it is planned to website without much management panel like linktree or heylink. Someone put it on mine and i don't know how to remove it
@alizareii8307 7 ай бұрын
You are great دمت گرممم
@KamalUddin-ih1vs 5 ай бұрын
Hello sir Whare i get those website playing the xss,blind xss stored xss , csrf ,ssrf and so much more i playing the Metasploitable but its old Can you suggest the website 😢
@The_ancestor_of_Mars_humans 7 ай бұрын
make a video on , what is your way to bypass filters, and get your payload work
@sushantsahani4185 7 ай бұрын
Please make a video on xss vulnerability covering the thought process to identify xss, injecting payload, thought process to bypassing waf on real site
@i_am_dumb1070 7 ай бұрын
Cfbr
@darkmix4192 2 ай бұрын
Using xss_vibes,xsstrike tool to bypassing waf.
@TheAwillz Ай бұрын
Yeah I second this please. I’m a noob and keep making stupid syntax mistakes (amongst larger ones) would be really helpful if possible please mate
@sherminmehdi8748 6 ай бұрын
Thank U bro🎉🎉🎉🎉❤
@free_user 7 ай бұрын
Best one explain "how to hack". Thank you so much
@NahamSec 7 ай бұрын
Enjoy!!
@user-ot4gm6qf2d 6 ай бұрын
what to do when the input field cuts off all signs
@lovefacts1555 7 ай бұрын
for input we can add attributes like (onload) e.g: '" onload="JS_here"/>
@steiner254 6 ай бұрын
Awesome
@MarkFoudy 7 ай бұрын
thank you
@socalledhacker 7 ай бұрын
This is something new to my knowledge. thnx bro...///
@Mohamad-xb1pv 7 ай бұрын
Hello, what is written on your hat and where did you buy it? It is very beautiful
@NahamSec 7 ай бұрын
I made it. It says Tehran
@shaikshainsha8948 7 ай бұрын
I can keep onclick=alert(1) ..so when ever click it pops up
@AAA-rk2fj 5 ай бұрын
thanks naham
@shohaghasan5641 3 ай бұрын
A large WOW!
@Ajay-kz6zw 7 ай бұрын
Make video about how to setup xss hunter🙏
@Prem-Madhani 7 ай бұрын
Please Make this type of contents
@Aks-jc3bq 6 ай бұрын
sir I new to this field please guide me how to start from scratch 🙏
@aligoodluck7064 7 ай бұрын
i like your hat whats the arabi word meanings ?
@jaypanchal9748 7 ай бұрын
make more content like this
@dprzxc 7 ай бұрын
Tehran on the hat =))
@TungAnhNguyen-vr8pr 7 ай бұрын
Can you help me?
@gysotgaming4530 7 ай бұрын
Hiiie ben hope u doin well…love ya brother 🫡🤗🤗
@NahamSec 7 ай бұрын
❤️🥰
@hxmo656 7 ай бұрын
Could we also use Burp Collab
@NahamSec 7 ай бұрын
No, burp collab doesn't allow you to serve JS. You need to either use a tool or create your own
@LALPRO_ 6 ай бұрын
@@NahamSecsir i have hostinger hosting but i don't know how to host this can you make a full video on hosting bxss
@Gourav_mujalde 7 ай бұрын
Please improve audio quality 🙏
@geniusskills6151 7 ай бұрын
Audio is always low why ?
@NahamSec 7 ай бұрын
I'm not seeing any issues. Can you tell me what you are watching this on?
@exploit-goon 7 ай бұрын
@@NahamSec yup its always lower than other normal videos..
@LALPRO_ 6 ай бұрын
@@NahamSecvoice is good
@this_name_is_not_available6923 7 ай бұрын
Damn 50k a day. That is someone’s average annual income already
@papafhill9126 7 ай бұрын
For 18:24, I'd guess using something like: input type=image src=something.png onload=alert(1) Or input autofocus onfocus=alert(1) Not sure those are right, but that's my guess.
@NahamSec 7 ай бұрын
autofocus onfocus should be the right answer, but it may need some playing around.
@MuhammadAzhar-bz9qs 7 ай бұрын
First comment hehe
@NahamSec 7 ай бұрын
Almost!
@gysotgaming4530 7 ай бұрын
I was first hihi😊😊
@imamulhuda6202 7 ай бұрын
Make the audio louder please ☹️
@faez322 4 ай бұрын
nice cap :D
@Andrei-ds8qv 7 ай бұрын
The CTF first challage is to manage to register and invite your friends
@khanmamun52 7 ай бұрын
This content for beginner🙄🙄
@j0hnny_R3db34rd 7 ай бұрын
Welcome to 20 years ago.
@grassy-p12 7 ай бұрын
onmouseover could be best;
David Bombal
Рет қаралды 313 М.
Marat Oralgazin
Рет қаралды 343 М.
Critical Thinking - Bug Bounty Podcast
Рет қаралды 10 М.
NahamSec
Рет қаралды 150 М.
Marat Oralgazin
Рет қаралды 343 М.