Tested XSS manually the other day due to time constraints, using an XSS cheat sheet from the web. Then found Google's tool Ratproxy, played with it and wrote some notes about it.
Env: Ubuntu
1. Install libssl and openssl
sudo apt-get install libssl-dev openssl
2. Download ratproxy from http://code.google.com/p/ratproxy/
3. cd ratproxy
make
4. Set the browser proxy to localhost:8080
5. Start ratproxy
./ratproxy -v . -w *.log -d f url of site -lfscm
6. Then go to the website, manually click any page that can accept input text
7. Generate an HTML report from *.log and analyze it
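This article describes a manual XSS test carried out under time constraints and shares the process of using the Ratproxy tool and the lessons learned. It records each step in detail, from installation and configuration to scanning the website.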




