Articles — workflow

Tasos Laskos

Script your DOM XSS exploitation workflow

Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan, to exploit/validate your DOM XSS vulnerabilities. It can get tedious repeating the same steps manually over and over while exploring DOM XSS, but this script will help you automate the boring parts and leave you with all the fun. It will also allow you to intercept and inspect HTTP traffic from Ruby, in the form of HTTP::Request and HTTP::Response objects. In addition, you can still also chain Burp or ZAP to further your investigation.   Happy scanning! - Tasos L.

Read more