Cross-site Scripting (XSS) on DVWA

Cross-site Scripting (XSS) is one of the most common vulnerabilities found in web applications. It is a type of client-side injection that affects other users of the application. Attackers may also use it to bypass access controls such as the same-origin policy.
In this post, I’m going to show you some examples of Reflected, Stored, and DOM-Based XSS in DVWA (click here for DVWA’s installation guide on Linux) and why it is considered a vulnerability.


Create a Phishing Website

Attention: This post is for educational purposes only. I do not advise or encourage anyone to do the following process for malicious reasons.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing might be useful during the social engineering step of the Kali Linux penetration testing process. Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities.

In this post, I’m going to show you how to create a phishing website using two methods: the BeEF XSS Framework and SET. I’ll also talk about how a hacker persuades their target to visit the fake website and obtains the important information.
