Skip to content

jamesreggio/xss-challenge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

public

public

 
 

src

src

 
 

.gitignore

.gitignore

 
 

.jscsrc

.jscsrc

 
 

.jshintignore

.jshintignore

 
 

.jshintrc

.jshintrc

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package.json

package.json

 
 

screenshot-1.png

screenshot-1.png

 
 

Repository files navigation

XSS Challenge

This is a security challenge I developed for HackFortress at DEF CON 2014. It scores your ability to craft an XSS exploit.

Try it out and let me know if you solve it.

Challenge

How to play

Open the challenge in your browser. Finding the instructions is (an easy) part of the challenge.

Your score is returned from /stolen_data and is based upon three concerns:

  • Did you steal the correct information?
  • Did you actually perform code injection in the browser?
  • Did you do it without making the page appear compromised?

The backend runs a number of checks upon the compromised page usingrjsdom, so it's not particularly easy to cheat.

How to run locally

Ensure ./node_modules/.bin is in your path, then run:

npm install
npm start
open http://localhost:3000

About

XSS challenge for HackFortress 2014

xss-challenge.herokuapp.com

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages