Stealing Login Credentials using BeEF and Cross Site Scripting (XSS)
For the past few weeks, I have focused exclusively on cross site scripting (XSS) attacks. This week is no different. The past posts were meant to demonstrate these types of attacks from a high level. This week, I will show how these attacks can be used more maliciously. The tools used to conduct the tests this week are similar to the tools used in the past. For starters, Kali Linux ( https://www.kali.org/downloads/ ) was used and as always, was installed on a virtual machine using VirtualBox ( https://www.virtualbox.org/wiki/Downloads ). I also used Metasploitable 2 ( https://information.rapid7.com/metasploitable-download.html ) and a virtual instance of Windows 10. To get a copy of Windows 10 to use for testing purposes, simply visit https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ . Finally, I also used the Browser Exploitation Framework (BeEF) which can be downloaded as a standalone program from https://github.com/beefproject/beef or can be use...