Coder Social home page Coder Social logo

xsstrike-cypress-testing's Introduction

This repository contains Cypress tests for two labs: one for login functionality and another for cross-site scripting (XSS) testing.

Lab 1: Login Test

/e2e/loginTest.cy.js

Lab 2: XSSTRIKE AND CYPRESS

/e2e/xss.cy.js

XSStrike-Cypress-Testing

find XSS payloads with XSStrike and then testing them using Cypress.

  1. Install XSStrike:

    Clone the XSStrike repository from GitHub and install the required Python packages.

bash

git clone https://github.com/s0md3v/XSStrike.git cd XSStrike pip install -r requirements.txt

  1. Use XSStrike to Find XSS Payloads:

    Run XSStrike by providing the target URL.

bash

python3 xsstrike.py -u "http://example.com"

XSStrike will search for potential XSS vulnerabilities and provide a list of payloads that can be tested. image

  1. Install Cypress:

    Install Cypress globally.

bash

npm install cypress --save-dev

  1. Set Up Cypress:

    Run Cypress to open the Cypress Test Runner.

bash

npx cypress open

  1. Create Test Cases in Cypress:

    In the Cypress Test Runner, you can create test cases by writing JavaScript code in your test files, typically located in the "cypress/integration" directory.

  2. Inject XSS Payloads:

    In your Cypress test files, you can inject XSS payloads into your target web application by using the "cy.visit" and "cy.get" commands. For example, to inject an alert message, you can do something like this:

go to todo.file.js

  1. Run Cypress Tests:

    Save your Cypress test files and run the tests using the Cypress Test Runner. You can click on the test you want to run, and Cypress will open a browser window to execute the test.

  2. Analyze Test Results:

    Observe the test results to determine whether the XSS payloads are successfully executed. You can use assertions in your tests to confirm whether the payloads triggered an alert or other actions. for this code image

Please ensure that you have proper authorization to test the target website for XSS vulnerabilities. Unauthorized testing may be illegal and can result in legal consequences. Always follow ethical hacking practices and obtain necessary permissions before conducting security testing on a website.

xsstrike-cypress-testing's People

Contributors

safouat avatar

Stargazers

Ayman Boufarhi avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.