Leveraging DOM Invader for testing DOM XSS
Let's use Burp Suite's embedded browser together with DOM Invader, the PortSwigger browser extension that ships with it, to cover more of the client-side attack surface, probing for DOM XSS and other client-side weaknesses that a proxy-only view of the traffic would miss.
Getting ready
We will use the same HTML5 Storage exercise as before, this time with Burp Suite's DOM Invader, to determine whether the page has any exploitable source-to-sink flows, that is, whether attacker-controlled sources (for example, localStorage, sessionStorage, or location.hash) reach dangerous sinks (for example, innerHTML or eval) on the web page.
How to do it...
Figure 9.16 – DOM Invader icon on the Burp Suite browser
- Select the DOM Invader tab and make sure the DOM Invader is on toggle is enabled. Also note the canary value that has been assigned. DOM Invader injects this string into the sources it monitors and then watches the page's sinks for it, so a sink that receives the canary reveals a source-to-sink flow worth testing. The value is randomized, and you can customize it if you like:
Figure 9.17 – DOM Invader menu
Figure 9.18 –...