Learning XSS with ChatGPT
ChatGPT is all the rage at the moment, with people claiming everything from "It can make a beginner look like a pro" to "I'm out of a job", so I thought I'd take a little time to explore just how capable this new tool really is. How well can ChatGPT really perform at the job of a pentester? Let's find out.
If I wanted to manually test for cross-site-scripting, what might I do?
Let’s give that a shot…
There are no input fields at http://rig.cytix.io/challenges/xss-2.php?animal=bird so how else might I be able to manually test this for XSS?
Let's apply that logic
It didn’t execute… Let's try something else
http://rig.cytix.io/challenges/xss-2.php?animal=<script>alert("XSS")</script> didn't work, what else can I use instead?
Going through them one-by-one...
Time for something a little harder?
how might I exploit XSS at this url http://rig.cytix.io/challenges/xss-3.php#Andy
This didn't work in my browser, what else should I try?
In at #2...
Ok, so we’ve got some pretty successful payloads under our belt. Now to actually make it do something interesting…
Make the svg payload do something more interesting
For the POC to work, I just need to switch out “yourserver.com” for localhost…
Looking at our listener...
Ok so that’s great… but any decent security tester needs to know how to do more than just exploit.
How should I prevent attacks like these?