What is the difference between HTML injection and XSS?

HTML injection involves rendering malicious HTML tags to change page appearance, while XSS (Cross-Site Scripting) executes arbitrary JavaScript code. HTML injection is often a stepping stone to full XSS.

Does this skill support automated testing tools?

Yes, the workflow includes instructions for integrating HTML injection testing with industry-standard tools like Burp Suite and OWASP ZAP.

What are the most common HTML injection points?

The most common surfaces include search bars, user profile fields, comment sections, URL parameters reflected on the page, and error messages.

Can this skill help me prevent attacks as well as find them?

Yes, it includes detailed remediation guidance for various languages like PHP, Python, and JavaScript, focusing on input validation and context-aware output encoding.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: zebbern

byzebbern

•

2,883

•

セキュリティとテスト

Conducts comprehensive security audits for HTML injection vulnerabilities to protect web applications from content manipulation and phishing attacks.

This skill provides a specialized methodology for identifying, exploiting, and remediating HTML injection vulnerabilities within web applications. It guides users through the entire security testing lifecycle, from mapping injection points like search bars and user profiles to deploying sophisticated payloads for phishing simulations and defacement testing. By offering domain-specific guidance on bypass techniques for filters and providing clear remediation steps in multiple programming languages, it serves as an essential tool for penetration testers and security-conscious developers looking to harden their software against injection-based threats.

主な機能

01Automated testing workflows for Burp Suite and OWASP ZAP

02Advanced filter bypass and encoding techniques

03Multi-language remediation and secure coding guidance

042,883 GitHub stars

05Phishing simulation and defacement payload generation

06Injection point mapping and surface area discovery

ユースケース

01Simulating phishing attacks to assess social engineering risks

02Performing security audits on web application input fields

03Validating web application firewalls and input sanitization logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zebbern/claude-code-guide html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill