RFC

Difficulty: Medium | Category: Web Security

Overview

Register on our new platform by submitting your email and a short message. Every application is reviewed before it gets accepted, and our admin is very picky about who is allowed to join. Flag format: flag{}

Lab Details

Prerequisites & Requirements

  • Understanding of web security concepts, especially XSS (Cross-Site Scripting)
  • Basic knowledge of the Jinja2 templating engine used in Python web frameworks
  • Understanding of HTTP requests and how to intercept and modify them
  • Regular expressions basics and how regex patterns work for input validation

What will you learn?

  • Exploiting XSS vulnerabilities and crafting Cross-Site Scripting attacks
  • Taking advantage of email RFCs (RFC 5322) to exploit XSS and bypass validation
  • Template injection techniques and recognizing dangerous template filters
  • Regex bypass methods and exploiting overly permissive regular expressions
  • Cookie exfiltration: learning how session data can be stolen through XSS attacks

Tools

  • Webhook.site for receiving and inspecting exfiltrated data from XSS payloads
  • Browser for accessing and interacting with the web application
  • Burp Suite (optional) for intercepting and modifying HTTP requests

Job Positions

Ethical Hacker

Tags

  • Server Side Template Injection
  • XSS
  • Input Validation
  • Cookie Security
  • Burp Suite