Reader small image

You're reading from  Burp Suite Cookbook - Second Edition

Product typeBook
Published inOct 2023
PublisherPackt
ISBN-139781835081075
Edition2nd Edition
Right arrow
Author (1)
Dr. Sunny Wear
Dr. Sunny Wear
author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear

Right arrow

Leveraging DOM Invader for testing DOM XSS

Let’s use PortSwigger’s integrated browser with an add-on called DOM Invader to cover more of the attack surface on the client, probing for potential DOM XSS and other weaknesses.

Getting ready

We will use the same exercise, HTML5 Storage, and Burp Suite’s DOM Invader to help us determine whether there are any vulnerable sinks or sources on the web page.

How to do it...

  1. Using the Burp Suite browser, click the DOM Invader icon at the top.
Figure 9.16 – DOM Invader icon on the Burp Suite browser

Figure 9.16 – DOM Invader icon on the Burp Suite browser

  1. Select the DOM Invader tab and make sure DOM Invader is on is set. Also, note the canary value that is assigned. This is randomized and you can customize the value if you like:
Figure 9.17 – DOM Invader menu

Figure 9.17 – DOM Invader menu

  1. Navigate to the HTML 5 Storage page in your Burp Suite browser:
Figure 9.18 – HTML 5 Storage page

Figure 9.18 –...

lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
Burp Suite Cookbook - Second Edition
Published in: Oct 2023Publisher: PacktISBN-13: 9781835081075

Author (1)

author image
Dr. Sunny Wear

Dr. Sunny Wear is a web security architect and penetration tester. She provides secure coding classes, creates software, and performs penetration testing on web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight, with three courses on Burp Suite. She is a published author, a developer of mobile apps such as Burp Tool Buddy, and a content creator on courses related to web security and penetration testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Read more about Dr. Sunny Wear