Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
We can use screenshots to supplement our note-taking or to include them in our report to
illustrate the steps we took, which will help another tester reproduce the issues. However, we
need to be conscious of the audience. While a penetration tester may consider an alert window to
demonstrate XSS as perfectly self-explanatory, developers unfamiliar with the vulnerability may
not understand its true cause or impact. It’s good practice to always support a screenshot with
text.
Screenshots have a specific goal: to convey information that would take several sentences to
describe, or to make an impact. With this in mind, a screenshot should contain exactly enough
information to justify not using text, but not so much that it becomes confusing.
To return to the example given above in the notes section, we have found reflected XSS in the
username field of the application login. We will properly explain the effects of XSS in the actual
report. However, the impact of XSS is far easier to show rather than explain without a visual
reference as a base. We must include evidence of arbitrary JavaScript execution, as well as visual
components of the site (i.e. the URL in the browser window). If necessary, secondary or lead-up
steps can be captured as well.
A well-constructed screenshot is easy to parse visually. Readers should be able to intuitively
understand the picture and its caption without any questions. If there is a greater need for
surrounding context, that can be added in a paragraph above or below the image, but the image
itself should be understood.
Once again, using the example of XSS in our login form, we will include the following components
in the screenshot, resizing the window if necessary. Ideally, we would include the URL as well as
some company-specific branding and logos on the form. This lets the client identify the exact
webpage and ties the vulnerability to their corporate image.
The actual pop-up produced by the proof of concept must be captured as well; as the proof of
concept is gradually taken further, it is replaced by whatever more advanced payload is used.
Finally, we want to ensure that everything is legible. A screenshot that needs to be zoomed in to
be properly viewed disrupts the reader's flow. A good screenshot is immediately legible, as shown
below.