Does this skill work with modern JavaScript frameworks?

Yes, it includes specific techniques for DOM-based XSS and identifies sinks commonly found in modern frameworks like React, Vue, and Angular.

Is it suitable for automated security pipelines?

Absolutely. The skill provides standardized workflows that can be integrated into testing routines to systematically flag potential injection points.

What types of injection does it cover?

It covers a comprehensive range including Stored XSS, Reflected XSS, DOM-based XSS, and various types of persistent and non-persistent HTML injection.

Can it help bypass Content Security Policies (CSP)?

The skill provides techniques to identify CSP weaknesses and suggests payloads that can bypass common configuration flaws.

Does it provide remediation advice?

Yes, it goes beyond detection to offer specific encoding strategies, sanitization techniques, and CSP configurations to fix discovered vulnerabilities.

XSS and HTML Injection Security Testing

Name: XSS and HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Conducts comprehensive security audits to identify, exploit, and remediate Cross-Site Scripting (XSS) and HTML injection vulnerabilities in web applications.

This skill provides a systematic framework for security professionals and developers to perform deep-dive client-side injection assessments. It covers the full lifecycle of vulnerability management, from identifying input reflection points and crafting sophisticated payloads for stored, reflected, and DOM-based XSS, to demonstrating the impact of session hijacking and providing actionable remediation strategies like Content Security Policy (CSP) configurations. It is an essential tool for ensuring web application resilience against sophisticated injection attacks.

Key Features

01Advanced filter bypass and payload obfuscation techniques

02Detailed remediation guidance including CSP configuration best practices

03HTML injection methods for content manipulation and phishing simulations

04Session hijacking and cookie theft proof-of-concept templates

051 GitHub stars

06Detection workflows for stored, reflected, and DOM-based XSS

Use Cases

01Demonstrating security risks to stakeholders through controlled exploitation proofs

02Validating the effectiveness of input sanitization and output encoding logic

03Performing automated penetration testing on web forms and user input fields

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill