The Pentesting Guide
4.11 Client-side Testing

4.11.1 Testing for DOM-Based Cross Site Scripting

Grep patterns for DOM XSS sources (first line) and sinks (second line) in client-side JavaScript:

document.URL|document.documentURI|document.URLUnencoded|document.baseURI|location.search|document.cookie|document.referrer|location.
document.write\(|document.writeln\(|document.domain|\w\.innerHTML|\w\.outerHTML|\w\.insertAdjacentHTML|\w\.onevent

Evidence:

4.11.2 Testing for JavaScript Execution

Evidence:

4.11.3 Testing for HTML Injection

Evidence:

4.11.4 Testing for Client-side URL Redirect

Grep pattern for query-parameter names that commonly carry a redirect target:

[?&](url|link|redirect|target|site|page|navigate|ref|callback|host|return|next|returnurl|redirectUrl)=

Evidence:

4.11.5 Testing for CSS Injection

Evidence:

4.11.6 Testing for Client-side Resource Manipulation

Grep pattern for parameter names and assignments that commonly select a client-side resource:

[?&](file|path|document|folder|dir|download|resource|view|load|template|img|image)=|.src=
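As an added example (not part of the original checklist), a small Python scanner that applies the 4.11.1, 4.11.4 and 4.11.6 patterns above to page source and flags lines where a DOM source and a DOM sink meet. The sample JavaScript is constructed; literal dots in the patterns are escaped and the `onevent` placeholder is widened to any `on*` handler assignment.

```python
import re

# Patterns from checklist items 4.11.1, 4.11.4 and 4.11.6 above, with literal
# dots escaped; the "onevent" placeholder is widened to any on* handler assignment.
PATTERNS = {
    "dom-source": re.compile(
        r"document\.URL|document\.documentURI|document\.URLUnencoded|document\.baseURI"
        r"|location\.search|document\.cookie|document\.referrer|location\."),
    "dom-sink": re.compile(
        r"document\.write\(|document\.writeln\(|document\.domain|\w\.innerHTML"
        r"|\w\.outerHTML|\w\.insertAdjacentHTML|\w\.on\w+\s*="),
    "redirect-param": re.compile(
        r"[?&](url|link|redirect|target|site|page|navigate|ref|callback|host"
        r"|return|next|returnurl|redirectUrl)="),
    "resource-param": re.compile(
        r"[?&](file|path|document|folder|dir|download|resource|view|load|template"
        r"|img|image)=|\.src\s*="),
}

# Constructed sample (not taken from any real application).
SAMPLE_JS = """\
// constructed sample
var q = location.search;
out.innerHTML = q;
document.write("<a href='" + document.referrer + "'>back</a>");
var img = document.createElement("img");
img.src=params.get("image");
location.href = "/login?next=" + next;
"""


def scan(text):
    """Return (line_no, category, matched_text) for every pattern hit, in line order."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for category, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((no, category, m.group(0)))
    return findings


def risky_lines(findings):
    """Lines carrying both a DOM source and a DOM sink: review these first.
    Flows spanning several statements (lines 2 -> 3 in the sample) still need
    manual tracing; the regexes only narrow down where to look."""
    cats = {}
    for no, category, _ in findings:
        cats.setdefault(no, set()).add(category)
    return sorted(no for no, c in cats.items() if {"dom-source", "dom-sink"} <= c)


if __name__ == "__main__":
    hits = scan(SAMPLE_JS)
    for no, category, text in hits:
        print(f"line {no:>3}  {category:<15} {text}")
    print("source and sink on the same line:", risky_lines(hits))  # [4]
```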

Evidence:

4.11.7 Testing Cross Origin Resource Sharing

Evidence:

4.11.8 Testing for Cross Site Flashing

Evidence:

4.11.9 Testing for Clickjacking

<!-- clickjacking.html: -->
<html>
   <head>
     <title>Clickjack test page</title>
   </head>
   <body>
     <h1>Website is vulnerable to clickjacking attacks!</h1>
     <p>Embedded in an iframe for clickjacking attacks</p>
     <p>Authenticated page with privileged actions</p>
     <!-- Decoy button positioned over the framed page (px units added to top/left). -->
     <input type="button" value="Vulnerable" style="position:absolute;top:280px;left:450px;background-color:red;color:white;padding: 10px 15px;">
     <!-- Framed target rendered semi-transparent so the overlap is visible during the test. -->
     <iframe src="https://example.com/" style="opacity:0.5; filter:alpha(opacity=30)" width="1500" height="1000"></iframe>
   </body>
</html>
<!-- Attacker’s top frame (pre-clickjacking.html): double framing test. -->
<h1>Double Framing Attack (First Frame)</h1>
<iframe src="clickjacking.html" width="3000" height="2000"></iframe>
<!-- Frames with scripting disabled (legacy IE security attribute, HTML5 sandbox):
     shows whether protection relies on a JavaScript frame buster alone. -->
<iframe src="http://example.org" security="restricted"></iframe>
<iframe src="http://example.org" sandbox></iframe>
<!-- onBeforeUnload test: the top page answers the frame buster's navigation attempt with a leave-page prompt. -->
<h1>www.fictitious.site</h1>
<script>
    window.onbeforeunload = function()
    {
        return " Do you want to leave fictitious.site?";
    }
</script>
<iframe src="http://example.org"></iframe>

Evidence:

4.11.10 Testing WebSockets

Evidence:

4.11.11 Testing Web Messaging

Evidence:

4.11.12 Testing Browser Storage

Evidence:

4.11.13 Testing for Cross Site Script Inclusion

Evidence: