In this Valentine's challenge from HackTheBox, I'll send an XSS payload to exfil a cookie from another chatty user on a dating site. RequestBin is a useful tool for catching HTTP requests.
RequestBin: https://requestbin.whapi.cloud/
OnlyHacks: https://app.hackthebox.com/challenges/OnlyHacks
404 pages: https://0xdf.gitlab.io/cheatsheets/404
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[00:28] Challenge description
[01:18] FoxyProxy config
[03:28] Initial page enumeration
[06:17] Registration and enumeration
[08:40] Chat interaction
[09:50] Introducing RequestBin
[11:34] Phishing
[13:20] XSS
[17:06] Conclusion
#HackTheBox #ctf #xss