This project is a web application XSS (Cross-Site Scripting) security training platform. XssLearner gives you the opportunity to try out different types of XSS attacks, then follow up with the actions needed to prevent them and keep the software secure.
A Docker image is also available from Docker Hub. Pull it with:

    docker pull nadeeshani/xsslearner

Then run:

    docker run --rm -p 8080:8080 nadeeshani/xsslearner

Alternatively, download the WAR file and deploy it in Tomcat.
XssLearner can be used to try out some common XSS (cross-site scripting) attacks, such as:

- HTML element content attack.
  <div>userInput</div>
- HTML attribute value attack.
  <input value="userInput">
- JavaScript value attack.
  jsMethod("userInput")
- URL query value attack.
  <img src="userInput">
  <a href="userInput">
- DOM-based attack.
  <div>userInput</div>
Then follow the security guidelines to prevent each type of attack by using the OWASP Java Encoder.
XssLearner gives you the opportunity to attack vulnerable code. It then shows the secure approach to follow when developing software.
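
The following is an added example, not code from XssLearner itself, showing which OWASP Java Encoder method fits each server-rendered output context listed above. The class name, method names, the `/search` path and the sample inputs are hypothetical, and it assumes the `org.owasp.encoder:encoder` library is on the classpath.

```java
import java.net.URI;
import org.owasp.encoder.Encode;
// Added example; needs org.owasp.encoder:encoder on the classpath.
public class ContextEncodingDemo {
    // HTML element content: <div>userInput</div>
    static String htmlContent(String in) {
        return "<div>" + Encode.forHtml(in) + "</div>";
    }

    // HTML attribute value; the attribute must stay quoted.
    static String htmlAttribute(String in) {
        return "<input value=\"" + Encode.forHtmlAttribute(in) + "\">";
    }

    // JavaScript string literal inside a <script> block.
    static String jsValue(String in) {
        return "<script>jsMethod(\"" + Encode.forJavaScript(in) + "\")</script>";
    }

    // User-supplied URL in href/src: attribute encoding does not stop a
    // javascript: URL, so allow-list the scheme before encoding.
    static String link(String in) {
        String url = "#"; // fallback when the URL is rejected
        try {
            String scheme = URI.create(in).getScheme();
            if ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme)) {
                url = in;
            }
        } catch (IllegalArgumentException e) {
            // malformed URL: keep the fallback
        }
        return "<a href=\"" + Encode.forHtmlAttribute(url) + "\">link</a>";
    }

    // Query parameter value placed inside a URL built by the application.
    static String queryLink(String in) {
        String url = "/search?q=" + Encode.forUriComponent(in);
        return "<a href=\"" + Encode.forHtmlAttribute(url) + "\">results</a>";
    }

    public static void main(String[] args) {
        String input = "\"></div><script>alert(1)</script>"; // constructed test input
        System.out.println(htmlContent(input));
        System.out.println(htmlAttribute(input));
        System.out.println(jsValue(input));
        System.out.println(queryLink(input));
        System.out.println(link("javascript:alert(1)")); // constructed non-http URL
    }
}
```

DOM-based XSS happens in client-side script, so server-side encoding does not cover it; on the client, assign user data with `textContent` rather than `innerHTML`.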