Skip to content
/ xss-challenge Public

An xss web challenge based on flask, nodejs, headless chrome & puppeteer

License

Apache-2.0 license
1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maoning/xss-challenge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
vulnapp
vulnapp
 
 
xssbot
xssbot
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
chrome.json
chrome.json
 
 
docker-compose.yml
docker-compose.yml
 
 
sample-env.list
sample-env.list
 
 

Repository files navigation

xss-challenge

An xss web challenge based on flask, nodejs, headless chrome & puppeteer

Local Setup

git clone https://github.com/maoning/xss-challenge.git
cd xss-challenge
docker-compose build
docker-compose up

Visit http://localhost:5000 to access the vulnerable app.

Design

vulnapp

vulnapp container hosts a simple flask app that contains a reflected xss vulnerability. When a message is submitted via the app, it calls xssbot service to read the message.

xssbot

xssbot is a nodejs server. Once it receives an api call from vulnapp to read a message, and if the message is a url, it will use headless chrome to visit that url with an admin cookie.

Caveat

xssbot can reach vulnapp service via http://vulnapp:5000.

About

An xss web challenge based on flask, nodejs, headless chrome & puppeteer

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages