Cross-site scripting (XSS) is a client-side attack where malicious JavaScript code is executed by a user's browser if they visit a link or page containing the code. This can allow attackers to steal users' session cookies, inject other malicious links or scripts onto pages, and access users' webcams or microphones. While users can't fully prevent XSS vulnerabilities themselves since they are on websites, they can use separate browsers for personal and suspicious links, disable JavaScript, keep browsers updated, and limit permissions to help reduce risks from XSS attacks.
1. Can I get hacked by clicking on a malicious link?
Cross site scripting
2. Introduction
Cross site scripting is a client side attact.
It usualy happens because browser wrongly
predict and execute the user input as a part of
web page’s javascript source code.
3. Types of XSS vulnerability
Reflected XSS
Stored XSS
DOM based XSS
4. What an attacker could do with this vulnerability?
Get your session cookies
Can impliment javscript keylogger
Can inject other malicious links on the page
Can access your webcam and microphone
Etc...,
6. Cookie stealing (with reflected xss)
Just imagine Facebook has XSS vulnerability and you are logged in on Fb in your web browser.
Attacker send a fb link.
The link sent by attacker contains malicious javascript code.
If you open it on your browser your browser will authenticate you with Facebook using the session cookies.
Javscript code copy the cookies and send it to the attacker.
7. How to prevent yourself form XSS?
Sadly you can’t do much about protecting yourself from it.
Because it’s a vulnerability present on the website.
Mostly these attacks are targetting the session cookies.
So use two different browsers, one for personal use and another one for test
only suspicious links.
Use noscript like browser plugin to fully disable the javascrtipt on the website
(Laptop / desktop)
8. How to prevent yourself form XSS?
Disable the javascript on the browser which you
are using to test malicious links ( Mobile )
Always keep your browser as uptdated.
Don’t give any unnecessery permissions to any
website.
Always cover your webcam with piece of tape.
9. Learn More ...,
Cross origin resource sharing
Same origin policy
XSS auditor
Beef framework