1
00:00:11,930 --> 00:00:14,570
Hi, welcome back to another episode on How to Hack.

2
00:00:15,170 --> 00:00:17,650
So today we'll be looking at cross site scripting.

3
00:00:17,660 --> 00:00:24,680
So it is a way for us to actually inject our own malicious script into the Web browser so that when

4
00:00:24,680 --> 00:00:29,870
a user Servet, we can actually show them exactly what we want the browser to do.

5
00:00:30,510 --> 00:00:36,500
So, of course, before we even go into cross site scripting, we want to think about what is JavaScript

6
00:00:36,500 --> 00:00:39,660
and how do Web developers actually build many of these sites.

7
00:00:40,070 --> 00:00:46,010
So the first thing you can think about is developers actually have to look at HTML, she says, as well

8
00:00:46,010 --> 00:00:46,730
as JavaScript.

9
00:00:47,120 --> 00:00:51,290
That can give the user a great experience when you're surfing into the site.

10
00:00:51,680 --> 00:00:56,840
And of course, in this case, JavaScript is actually used to control a lot of functions in site, the

11
00:00:56,840 --> 00:00:57,380
website.

12
00:00:58,070 --> 00:01:04,520
So when we look over here, we have a standard, very simple way of building a hex HTML document that

13
00:01:04,520 --> 00:01:06,860
can be served through a Web application server.

14
00:01:07,040 --> 00:01:11,280
So Web application server could be like Apache that you have seen a lot from the tutorials.

15
00:01:11,780 --> 00:01:18,170
So the right site we can see over here that we got the HTML opening and we got the body and we got the

16
00:01:18,560 --> 00:01:22,720
one which is standing for header header one and we got a script.

17
00:01:22,730 --> 00:01:26,730
So script is of course JavaScript and will be inserting a lot of this over time.

18
00:01:27,230 --> 00:01:29,030
So here we got the alert function.

19
00:01:29,030 --> 00:01:31,820
So the alert function will do a dialog box pop up.

20
00:01:32,000 --> 00:01:37,220
And a reason why we are using this is because it is a lot more visible to know whether a script has

21
00:01:37,220 --> 00:01:38,740
actually gone in successfully.

22
00:01:38,990 --> 00:01:43,970
So that's one of the way, especially in the beginning stage when you're trying to do all this injection

23
00:01:44,180 --> 00:01:50,240
and to see whether the attacks from all the Eurail is actually subjected to JavaScript injection.

24
00:01:50,960 --> 00:01:56,210
And of course, on the bottom left, how is actually the JavaScript in use across all these different

25
00:01:56,210 --> 00:01:56,690
browsers?

26
00:01:56,690 --> 00:02:00,640
So you got Chrome, you've got Internet Explorer, you have Firefox, Safari and Oprah.

27
00:02:01,220 --> 00:02:03,520
So all of them can run the script.

28
00:02:03,650 --> 00:02:08,870
So if they can run a script in Minnesota, we can inject something into the Web server which allow us

29
00:02:08,870 --> 00:02:09,880
to run our own commands.

30
00:02:10,610 --> 00:02:16,000
So moving forward, if you see over here, we got the screenshot of running a HTML page.

31
00:02:16,010 --> 00:02:19,220
So, again, you could run this on your own Web application server.

32
00:02:19,220 --> 00:02:22,910
So you just go to upload the HTML file to Apache Web server.

33
00:02:22,910 --> 00:02:28,220
And from there on, you'll be able to see all of this running inside your system.

34
00:02:28,220 --> 00:02:32,630
And you can just go into the IP address and we can see whether browsers are loading exactly what we

35
00:02:32,630 --> 00:02:33,410
want them to look.

36
00:02:34,850 --> 00:02:37,730
So, of course, going into crosshatch scripting now.

37
00:02:37,730 --> 00:02:44,780
So it is a Web based attack in which the browser interpretor, which is used to execute malicious code

38
00:02:45,260 --> 00:02:46,630
that does not standardize input.

39
00:02:46,640 --> 00:02:50,420
So if you look back at a previous tutorial, we were talking about SQL injection.

40
00:02:50,420 --> 00:02:51,950
So it is almost similar.

41
00:02:52,070 --> 00:02:56,930
But in this case, the code is targeted for the browser, targeted for the user.

42
00:02:56,930 --> 00:03:02,120
When you click onto it, when you go into the page and of course, the script would actually run onto

43
00:03:02,120 --> 00:03:05,180
the browser and execute a kind of commands that we wanted to run into.

44
00:03:05,690 --> 00:03:10,670
A single injection you saw from the previous tutorial was actually to pull a lot of information coming

45
00:03:10,670 --> 00:03:16,550
from the database, truly Web application server because of, again, unsanitized input there.

46
00:03:16,550 --> 00:03:19,250
Do not check for the kind of code is coming into the system.

47
00:03:21,330 --> 00:03:26,340
So what can cross rescripting do now that we understand about cross scripting, how web application

48
00:03:26,580 --> 00:03:32,820
or web development is being built so we can execute any kind of script that we want to run as the hacker

49
00:03:33,000 --> 00:03:35,370
and we could defeat the we can change the code.

50
00:03:35,640 --> 00:03:40,910
We can redirect users who go into the site, and of course, we can even hijack a user's browser.

51
00:03:40,920 --> 00:03:47,100
So a lot more things that we can do because if you can inject your own script into the system, you

52
00:03:47,100 --> 00:03:48,750
can do literally anything.

53
00:03:51,280 --> 00:03:56,470
So there are tricky types of cross scripting, so the first one is actually what we call Staat.

54
00:03:56,770 --> 00:04:03,820
So Staat, cross site scripting is a very simple way of how we could push the script into the database.

55
00:04:03,850 --> 00:04:05,350
So one is in the database.

56
00:04:05,530 --> 00:04:10,900
What happened is that when the Web browser served the content, you'll be served as a JavaScript.

57
00:04:10,930 --> 00:04:15,910
So once it has served as a JavaScript, the users browse through those scripts and immediately will

58
00:04:15,910 --> 00:04:17,670
be able to get those information back.

59
00:04:19,150 --> 00:04:23,860
The second one is reflected, so, of course, this is the part where we're utilizing the universal

60
00:04:24,070 --> 00:04:28,120
in which we're injecting our script instead of you are sending to the user.

61
00:04:28,210 --> 00:04:33,610
And when a user click onto it a little bit into the browser and then ultimately into our script and

62
00:04:33,610 --> 00:04:38,680
when a script runs immediately will be able to run that script against a client's browser.

63
00:04:39,760 --> 00:04:42,420
And a final one is Dom Bayes, cross site scripting.

64
00:04:42,430 --> 00:04:45,370
So this is the document object model.

65
00:04:45,400 --> 00:04:49,160
So this is a way for us to do a in line execution of script.

66
00:04:49,330 --> 00:04:51,600
So this is very browser specific.

67
00:04:51,790 --> 00:04:56,020
So a lot of the more outdated browsers can be subjected to this type of attack.

68
00:04:58,880 --> 00:05:04,360
So the first scenario is on start crossing scripting, which is the simplest way to look at Croci scripting,

69
00:05:04,820 --> 00:05:08,300
so the first thing you look at is on the left side, you got the hacker sever.

70
00:05:08,300 --> 00:05:13,330
All the hack is computer and it will inject a code, a malicious code into the target server.

71
00:05:13,550 --> 00:05:19,100
And ultimately, when the user go into the server, that will execute a script immediately and you'll

72
00:05:19,100 --> 00:05:24,530
be able to do all sorts of commands Sarla redirection, getting cookies, information, sensitive data

73
00:05:24,530 --> 00:05:25,130
and so on.

74
00:05:27,650 --> 00:05:29,690
So where are the entry points for attack?

75
00:05:29,690 --> 00:05:35,690
So if you look on the left side, we have a vulnerable Web application, somebody has seen a lot come

76
00:05:35,750 --> 00:05:36,380
until today.

77
00:05:36,680 --> 00:05:40,190
So you could actually install this very quickly on your virtual environment.

78
00:05:40,400 --> 00:05:46,760
And from there on, you can actually test and learn about SQL injection, cross site scripting vulnerabilities

79
00:05:46,910 --> 00:05:47,950
and a lot more things.

80
00:05:48,050 --> 00:05:53,480
So, of course, in this case, we are inside a particular page and this page has a tax form.

81
00:05:53,660 --> 00:05:56,680
So of course, in a tax form, we can see that we can Qiantang.

82
00:05:56,700 --> 00:05:59,170
So this is the part where we can do a entry.

83
00:05:59,480 --> 00:06:04,670
So if you think about the size of your surfy, this is like a text box and you can put your comments

84
00:06:04,850 --> 00:06:06,290
and you can put different kind of things.

85
00:06:07,270 --> 00:06:12,170
So on the right side, we are injecting a script, a JavaScript into the system.

86
00:06:12,180 --> 00:06:17,510
So when we're injecting a JavaScript, so here we have the opening of script and we go to closing and

87
00:06:17,510 --> 00:06:20,100
we get an alert and the alerts say you've been hacked.

88
00:06:20,240 --> 00:06:26,900
So what happened is that once you hit Sèvres block entry, whoever looks into the page would actually

89
00:06:26,900 --> 00:06:27,920
load the JavaScript.

90
00:06:27,920 --> 00:06:33,350
So on the left side, you could see the pop up dialog box and we can see that you've been hacked, get

91
00:06:33,360 --> 00:06:33,910
shown up.

92
00:06:34,160 --> 00:06:38,540
And of course, on the right side, if you actually investigate on the source code, you could actually

93
00:06:38,540 --> 00:06:41,390
do a search and you could see script alert.

94
00:06:41,390 --> 00:06:47,530
You've been hacked, which means that the script is running as though it is a script out of the browser.

95
00:06:47,540 --> 00:06:53,420
So this allow you to actually run your own KOLO redirecting the whole page, meaning that if you reach

96
00:06:53,600 --> 00:06:56,000
this page, you could be redirected to your correct site.

97
00:06:58,240 --> 00:07:03,290
So here we got another way of actually attacking based on cross scripting.

98
00:07:03,310 --> 00:07:06,430
So over here we are injecting an iFrame on the left side.

99
00:07:06,640 --> 00:07:11,210
So, again, this is a way for us to Imbert content into the site.

100
00:07:11,230 --> 00:07:14,990
So on the right side, we can see that we get the website, load it into the site.

101
00:07:15,010 --> 00:07:17,880
So over here you can see transferring data from.

102
00:07:17,890 --> 00:07:24,600
So this would actually end this site into the iFrame again, ultimately allowing us to embed information

103
00:07:24,600 --> 00:07:27,700
in any form of content into the table.

104
00:07:28,180 --> 00:07:33,340
So over here we have another example where we're using a script, that document kookie.

105
00:07:33,340 --> 00:07:38,050
So we're trying to pull up to kookie information of the client browser.

106
00:07:38,080 --> 00:07:42,170
So again, this allows us to see information inside the browser.

107
00:07:42,760 --> 00:07:44,550
So this would actually give a pop up.

108
00:07:44,560 --> 00:07:47,430
So in the pop up, we can see the session ID.

109
00:07:47,740 --> 00:07:52,480
So again, we could use that such session ID information and we could copy it to a different browser

110
00:07:52,480 --> 00:07:54,460
and this would give us permission into the site.

111
00:07:56,580 --> 00:08:02,400
So Sonata is a little more complicated, so we have what we call the reflective cross site scripting,

112
00:08:03,180 --> 00:08:09,000
so reflect the cross scripting is in a sense that if you look at a step over here on the top left,

113
00:08:09,000 --> 00:08:10,770
we have the hacker server, a computer.

114
00:08:11,130 --> 00:08:16,830
And what you're first doing is you're going into the target server and you're checking whether the server

115
00:08:16,830 --> 00:08:19,720
is vulnerable to your injection.

116
00:08:19,830 --> 00:08:25,800
So what you do is do attach to your URL to see if that they are able to inject scrip inside of you URL

117
00:08:26,100 --> 00:08:28,710
and then sending that link to the target machine.

118
00:08:28,740 --> 00:08:35,010
So when a target machine clicks onto the link together with the script, inject it into your URL that

119
00:08:35,010 --> 00:08:37,080
would get a malicious script executed.

120
00:08:38,900 --> 00:08:44,330
So over here in this case, you can see on the left side, we have the script alert document kookie

121
00:08:44,570 --> 00:08:49,460
so we could send such an information already are to the target machine.

122
00:08:49,460 --> 00:08:53,810
And when a target machine click onto the link, it would actually run the script.

123
00:08:53,840 --> 00:08:59,020
So in this case, of course, we just running to document Kookie, which will of course show the session

124
00:08:59,040 --> 00:08:59,440
ID.

125
00:08:59,630 --> 00:09:05,000
But of course we can also send that information to a separate server to collect all this session information.

126
00:09:05,030 --> 00:09:08,250
So again, is part of cookies stealing, as we can see.

127
00:09:09,020 --> 00:09:11,480
So over here we got the browser specific attack.

128
00:09:11,840 --> 00:09:14,480
So on the left side, we can actually see the file.

129
00:09:14,690 --> 00:09:19,510
And of course, in the file, we could serve this to any of your favorite Web application server and

130
00:09:19,520 --> 00:09:22,160
we can actually do a questionmark name equal.

131
00:09:22,400 --> 00:09:29,830
So again, that would help us inject the content of the information into the body of the website.

132
00:09:30,320 --> 00:09:34,040
So, of course, at the bottom you can actually see the reinjecting, the script or alert.

133
00:09:34,370 --> 00:09:38,390
And of course, you've seen it many times chool, the different earlier examples.

134
00:09:39,020 --> 00:09:43,250
And of course, we can see the dialog box being pop up saying that this site was hacked.

135
00:09:43,550 --> 00:09:47,960
So, of course, this is highly dependent on the browser because some browser would actually sanitize

136
00:09:47,960 --> 00:09:50,360
those input for you to protect you.

137
00:09:50,510 --> 00:09:55,760
But of course, you're using more outdated browsers, actually subject you to just kind of scribbling,

138
00:09:55,760 --> 00:09:57,770
execute it on your client and.

139
00:10:00,110 --> 00:10:04,880
So, of course, you'd be asking, what about more advanced way, because there could be a Web application

140
00:10:04,880 --> 00:10:07,460
firewall to sanitize those input.

141
00:10:07,550 --> 00:10:12,620
There could be a database firewall to sanitize those input before he gets injected into the database.

142
00:10:13,010 --> 00:10:17,250
So, again, they could have many different kind of firewalls to protect against such payload.

143
00:10:17,600 --> 00:10:22,790
So, of course, there's a huge set of cheat sheets or payloads in which you could see on the right

144
00:10:22,790 --> 00:10:23,090
side.

145
00:10:23,100 --> 00:10:29,640
So we go different ways of injecting the alert to test whether the site is vulnerable to such attacks.

146
00:10:30,260 --> 00:10:37,550
So you can see in BrightSource Image, SureScripts source and we got dive and of course we got questionmark

147
00:10:37,550 --> 00:10:37,890
and so on.

148
00:10:37,910 --> 00:10:44,210
So there's a huge list of potential ways that we could inject a payload into the Web server to test

149
00:10:44,420 --> 00:10:46,790
whether they are vulnerable to such attacks.

150
00:10:49,010 --> 00:10:54,950
So now we're going to a demonstration of the tutorial and here this is the part where we are looking

151
00:10:54,950 --> 00:10:58,550
across all three examples of how cross site scripting works.

152
00:10:58,940 --> 00:11:04,070
So over here on the left side of politics, running in the same time, I have mutal a day running as

153
00:11:04,070 --> 00:11:08,330
well on the IP address of one or two one six eight one eight five.

154
00:11:09,020 --> 00:11:11,630
So once you're in here, you can go on the top 10.

155
00:11:11,640 --> 00:11:16,360
So they have a nice category of the Web application vulnerabilities that you could test on.

156
00:11:16,550 --> 00:11:19,670
And of course, today's coverage is on Croci scripting.

157
00:11:19,670 --> 00:11:24,470
So of course, in future tutorial, we'll try to go to as many of them as possible so that you can learn

158
00:11:24,590 --> 00:11:25,800
all about cybersecurity.

159
00:11:26,870 --> 00:11:32,450
So I go on across my scripting, we can actually look at the number of opportunities that we can test

160
00:11:32,450 --> 00:11:32,630
on.

161
00:11:32,660 --> 00:11:35,030
So, of course, we got the reflected.

162
00:11:35,030 --> 00:11:36,110
We got it persistent.

163
00:11:36,110 --> 00:11:38,440
So we're going to click onto add to your block.

164
00:11:39,200 --> 00:11:44,900
So once you click onto add to your block, this is the part where we can actually enter any form of

165
00:11:44,900 --> 00:11:45,440
content.

166
00:11:45,470 --> 00:11:48,560
So I'll say I for example, I enter Hollo.

167
00:11:48,860 --> 00:11:53,960
Today is a great day and I hit enter on debt, so that would save a block entry.

168
00:11:53,960 --> 00:11:56,990
And at the bottom we can see that we got the entry.

169
00:11:56,990 --> 00:11:57,400
Hello.

170
00:11:57,410 --> 00:11:58,390
Today's a great day.

171
00:11:59,120 --> 00:12:01,870
So what we can do now is we can manipulate the data.

172
00:12:01,880 --> 00:12:11,000
So here for example, we can enter script and we can enter alert and we can enter you been hack and

173
00:12:11,000 --> 00:12:14,520
we can actually close it and we can close the script as well.

174
00:12:14,540 --> 00:12:21,770
So once you hit this, whoever goes into the Web page and once they're in the Web page, the will to

175
00:12:21,770 --> 00:12:22,590
JavaScript.

176
00:12:22,610 --> 00:12:24,530
And of course, this dialog box will pop up.

177
00:12:24,800 --> 00:12:30,680
But of course, in some malicious cases, it could be a redirection of page, it could be a stealing

178
00:12:30,680 --> 00:12:31,910
of document cookies.

179
00:12:32,060 --> 00:12:34,130
So it could be many of these potential examples.

180
00:12:34,880 --> 00:12:39,050
So you click on Save Block entry and immediately we can see the pop up coming up.

181
00:12:39,050 --> 00:12:40,520
And it says that you've been hack.

182
00:12:40,820 --> 00:12:46,190
So, of course, in our case, this we can actually go on to login and we can try to log in as a separate

183
00:12:46,190 --> 00:12:46,680
user.

184
00:12:47,000 --> 00:12:53,570
So in this case, I log in as a separate user and I go in to the cross site scripting and I go to Persistent

185
00:12:53,570 --> 00:12:55,430
and I click on View Someone's Block.

186
00:12:55,910 --> 00:12:59,030
So of course, over here we can have a lot of different information.

187
00:12:59,030 --> 00:13:04,850
So I can click on show all and I could click view blog entries and immediately I get the JavaScript

188
00:13:04,850 --> 00:13:09,700
being executed because this is part of the entry of the user by Anonymous.

189
00:13:10,130 --> 00:13:17,180
So if I actually click a right click and I click a view page source and of course I can look for a script

190
00:13:17,840 --> 00:13:22,100
and of course we can look for the alert and we can look at you, Binayak.

191
00:13:22,100 --> 00:13:27,380
And of course, you're immediately and if you're familiar with HTML access, we can see that this is

192
00:13:27,380 --> 00:13:31,280
a table format and in a table format we have an alert of JavaScript.

193
00:13:31,290 --> 00:13:33,410
So here is a script alert you hacked.

194
00:13:33,650 --> 00:13:39,500
So immediately from here we can actually see the information coming out and we are able to see that

195
00:13:39,500 --> 00:13:40,260
you've been hacked.

196
00:13:40,400 --> 00:13:42,460
So again, we are running on this JavaScript.

197
00:13:42,650 --> 00:13:48,200
So now we go back into Ops, top 10, cross scripting, persistent add to your block.

198
00:13:48,200 --> 00:13:49,340
So we click on that.

199
00:13:49,790 --> 00:13:55,130
And again, we can actually look at how we could inject content into the table.

200
00:13:55,460 --> 00:13:58,820
So, of course, if you scroll down, you can see that there are no block entries.

201
00:13:58,820 --> 00:14:03,560
And what we can do is we can actually enter exactly what you saw from the lecture earlier.

202
00:14:03,920 --> 00:14:05,120
We can look at iFrame.

203
00:14:05,390 --> 00:14:10,350
So iFrame again is not a way for us to potentially inject some scrip into the system.

204
00:14:10,610 --> 00:14:17,180
So in this case, we could source and we can enter HTTP, followed by the website that you want to actually

205
00:14:17,180 --> 00:14:18,970
put into the system.

206
00:14:19,100 --> 00:14:25,340
So of course in this case we got iFrame source and we got loyal Yangyang Dotcom and we can of course

207
00:14:25,340 --> 00:14:26,960
close the iFrame as well.

208
00:14:27,300 --> 00:14:32,930
So here again we are following instructions directly from the lecture so we can close the iFrame and

209
00:14:32,930 --> 00:14:34,540
we can enter a safe entry.

210
00:14:35,630 --> 00:14:38,870
So once you hit enter and out we can see the loading on the left site.

211
00:14:38,870 --> 00:14:43,550
And of course as you scroll down we can see the website being loaded into the block entry.

212
00:14:43,550 --> 00:14:48,510
So once again demonstrating how we could inject some of this information into the site.

213
00:14:48,950 --> 00:14:52,820
So over here, we actually have the ability also to inject scrip.

214
00:14:53,270 --> 00:14:57,930
So of course, here we have another example of how we could do a DNS look up on.

215
00:14:58,250 --> 00:15:00,780
So, again, we could also inject Screwtape once again.

216
00:15:00,920 --> 00:15:04,910
So in this case, we can enter, for example, the document kookie.

217
00:15:05,210 --> 00:15:06,910
We can click on Lookup DNS.

218
00:15:07,190 --> 00:15:13,730
So, of course, this would immediately show us the session ID, the user name, as well as the UID.

219
00:15:13,730 --> 00:15:18,710
So of course what we can do is can we can we direct all this data to a different site, to different

220
00:15:18,710 --> 00:15:22,310
server, and immediately we'll be able to get those session information.

221
00:15:22,550 --> 00:15:27,370
So over here we actually got Devoir, which is a vulnerable Web application.

222
00:15:27,860 --> 00:15:32,500
So in this case, we can also injected directly from the user l.

223
00:15:32,540 --> 00:15:37,040
So in this case, when you see over here is you can enter what's your name so I can enter Etman, for

224
00:15:37,040 --> 00:15:39,800
example, and I click submit and he says, Hello, Etman.

225
00:15:40,310 --> 00:15:47,240
So what you notice is on a u r l the l actually specify information over here and it says to name equal

226
00:15:47,240 --> 00:15:47,800
at mean.

227
00:15:47,990 --> 00:15:53,210
Followed by Hack's, so what we can do is we can follow the information that we got earlier from the

228
00:15:53,210 --> 00:15:58,170
lecture slight, and what we can do is we can enter the script directly into the Yucel.

229
00:15:58,490 --> 00:16:03,290
So in this case, I can enter the script again.

230
00:16:03,290 --> 00:16:09,110
We can check whether this particular Eurail is going to be vulnerable to different kind of JavaScript

231
00:16:09,260 --> 00:16:12,740
and that we can inject all this information where we're sending to.

232
00:16:12,750 --> 00:16:14,460
You are alluding to the user.

233
00:16:15,080 --> 00:16:18,200
So in this case, I'm entering alert and I can interact.

234
00:16:18,530 --> 00:16:23,270
And of course, we can close to your limit and hit enter on that and immediately we get a dialogue pop

235
00:16:23,270 --> 00:16:23,460
up.

236
00:16:23,690 --> 00:16:29,630
So the reason we are doing this is because the user is legitimate and because it's a legitimate URL.

237
00:16:29,810 --> 00:16:32,420
The user has a higher chance of clicking to it.

238
00:16:32,810 --> 00:16:35,680
And when you click onto it, it would execute all this Java code.

239
00:16:35,960 --> 00:16:41,410
So on the left side of a Windows 10 computer running and of course, in this case we got a DOM html.

240
00:16:41,420 --> 00:16:46,460
So remember earlier from the lecture slide, we actually have to code here, which is a HTML file that

241
00:16:46,460 --> 00:16:50,220
you could surf into any of your Web application service.

242
00:16:50,780 --> 00:16:55,100
So over here, of course, you can take a screenshot so that you could actually quickly copy the code

243
00:16:55,310 --> 00:16:59,120
invited into your computer or if you want to host it on your application server.

244
00:16:59,120 --> 00:17:01,130
So please go ahead, do that right now.

245
00:17:01,760 --> 00:17:06,140
So once you have it, you can close it and you can just double click on it and it will open on any of

246
00:17:06,140 --> 00:17:07,130
your favorite browser.

247
00:17:07,460 --> 00:17:14,990
And of course, all you got to do at the back is enter questionmark, followed by name equal our ally.

248
00:17:15,080 --> 00:17:18,890
So again, we can specify and change any of those information.

249
00:17:18,890 --> 00:17:25,150
So you see specifically how this actually changed the content inside the browser.

250
00:17:25,250 --> 00:17:29,880
So, of course, ultimately what we can do is we can inject the script into the system.

251
00:17:29,900 --> 00:17:34,980
So over here we can enter script and we have the alert on hack, followed by the closing of the script.

252
00:17:35,120 --> 00:17:39,480
So when you hit enter on that, that would immediately do a dialog box pop up.

253
00:17:39,500 --> 00:17:44,760
So ultimately giving us access into the sensitive content inside the browser.

254
00:17:45,380 --> 00:17:50,140
So once again, I hope you have learned something valuable in today's tutorial as well as lecture.

255
00:17:50,600 --> 00:17:54,860
So of course, if you have any questions, feel free to put a comment below and I'll try my best to

256
00:17:54,860 --> 00:17:56,120
answer any of your questions.

257
00:17:56,240 --> 00:17:57,440
And we'll like sharing.

258
00:17:57,440 --> 00:18:01,310
Subscribe to the channel so that you can be kept abreast of the latest cyber security.

259
00:18:01,310 --> 00:18:01,700
Tiriel.

260
00:18:01,970 --> 00:18:03,620
Thank you so much once again for watching.