Hands-On Bug Hunting for Penetration Testers
上QQ阅读APP看书,第一时间看更新

Technical Requirements

In this section, we'll continue to configure and use tools from our macOS Terminal command line. We'll also be using Burp Suite, the Burp extension XSS Validator, and information from the SecLists GitHub repository (https://github.com/SecLists) to power our malicious XSS snippet submissions. When we use a browser normally or in conjunction with Burp, we'll continue to use Chrome (66.0.3359.139). Using the XSS Validator extension will require us to install Phantomjs, a scriptable headless browser.

Please download Phantomjs from the official Phantomjs download page:  http://phantomjs.org/download.html.