Setup pentesting lab for xss vulnerabilities on Kali linux.

Setup pentesting  lab for xss vulnerabilities on Kali linux.

Websites have become a common target for attackers. The attackers most likely containing personal identifying information to obtain access to confidential information is relatively simple to take advantage of the weaknesses.
So, if you are new to Hacking and Pentesting and you want to practice your skills, you might have one or most of these issues:
today i will explain how to setup pentest lab for exploit xss vulnerabilities.


What will you need:

  • A laptop running kali linux
  • Virtualbox or Vmware(you can download which you like)
  • A Vulnerable web app(

So lets start!!!

  • fire up kali linux,
  • install and Configure Virtual box on kali linux describe here
  • setup xampp on windows running on virtualbox.
  • Setup DVWA on kali linux, tutorial is here

if you all setup these things then move on next step:

this tutorial on stored xss vulnerabilities, lets hook victim browser with beef.

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.


open terminal start apache:

“service apache2 start”

start mysql server:

“service mysql start”

start up beef

copy hooks.js link location

Go to

setup/reset database.

setup DVWA securities as low.

go to stored xss and inject your malicious script here:(hook.js)

now every your who visit on and click on stored xss, beef hook their browser.


to do so:

open virtual box start xampp

start apache and mysql

visit ipaddress/DVWA

click on stored xss

What happen?

you will see that beef showing a online browser running on winddows

thats your victim browser, you SURMOUNT this browser, now you have many option to do:

  • inject a fake page on victim browser
  • Session hijecking
  • View visited history
  • and many more

Video tutorial is here .





3 thoughts on “Setup pentesting lab for xss vulnerabilities on Kali linux.

  • Pingback: How to setup DVWA on kali linux 2016/Ubuntu. - kali hacking tutorial

  • Pingback: filezilla on kali linux

  • March 2, 2017 at 8:36 am

    Sell Cvv CC Very Good and Fresh , Work 100% Valid ALl Country
    CVV Dumps shop online
    *Sell Cvv All Country : US – UK – CA – AU – EU – Japan – China – Asia – Inter – All Country

    *Type card: Visa – Master – Amex – Disco – Bin – DOB – NON – Pass VBV – SSN – Fullz Info.

    We looking for a good customer to buy cvv everyday and long-term.
    We will discount or bonus if you order bulk.
    We have sold to many customer worldwide and has created reputation for them.

    My Domains:
    TOR Link: http://jwvru4dvfwuktptf.onion

    Cvv Shop,Buy Cvv,cvv shop online,Buy Cvv Online,Valid Cvv,Shop Cvv,Fresh Cvv,Cvv Store,cvv shops,auto cvv shop,Buy Cvv Shop, Cheap CVV, Fresh CVV, Good CVV, Carding Forums, Carder Forums, Fresh Paypal, Best cvv, shop cvv, cvv online, cvv shop, sell cvv, buy cvv, buy cvv online, Cvv Shop,Buy Cvv,cvv shop online,Buy Cvv Online,Valid Cvv,Shop Cvv,Fresh Cvv,Cvv Store,cvv shops,auto cvv shop,Buy Cvv Shop, Online dumps shop, Buy CC :: Buy Dumps :: Sell CC :: Sell Dumps T1-T2 :: CVV :: Dumps :: PayPal :: SSN :: DOB :: Full CC INFO :: Bank Logins.Fresh Cvv in Cvv Shop. You can buy cvv at cvv shop online make money easily. A Cvv Store have valid cvv , buy cvv2.sell dumps, buy dumps, dumps with pin, buy cvv, buy cvv2, sell dumps, sell track2, buy track2, credit card, buy cards,cheap cvv,buy cvv,sell cvv,fresh cvv,good CC :: CVV :: Dumps :: PayPal :: SSN :: DOB :: Full CC INFO :: Bank Logins :: Tracks :: Carder Tools :: Cvv Shop Site :: CarderShop. Shop Sell Dumps/ Track 1&2 /Seller Cvv/ Buy Cc/ Selling Dumps With Pin Dump/ Dumps … sell fullz dumps with pin High balance and Valid dumps shop, sell dumps,shop good ,selling dumps with pin,seller dumps online,shop dumps, sale dumps , dumps with pin, track 1&2 , dumps , track 1 2 sell CC Dumps Paypal Fullz Banks Verified Shops CC Dumps Paypal Fullz Banks Verified


Leave a Reply

Your email address will not be published. Required fields are marked *