Does this skill help bypass security filters and WAFs?

Yes, it includes techniques for case variation, HTML entity encoding, hex/unicode bypasses, and JavaScript obfuscation to test the robustness of security filters.

Does it provide remediation advice for discovered flaws?

Absolutely. It offers specific recommendations for proper output encoding, input validation, and the configuration of Content Security Policies (CSP).

What types of XSS can this skill identify?

It covers all major categories: Stored XSS (persistent), Reflected XSS (non-persistent), and DOM-based XSS which occurs when user-controlled data is processed by client-side JavaScript.

Are there legal requirements for using this skill?

Yes, users must have explicit written authorization to perform security testing on any target application and must adhere to defined engagement scopes.

Can I use this for session hijacking demonstrations?

Yes, the skill provides templates for cookie-stealing and session capture payloads designed for use in authorized, controlled security demonstrations.

XSS & HTML Injection Security Testing

Name: XSS & HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

セキュリティとテスト

Identifies and exploits Cross-Site Scripting (XSS) and HTML injection vulnerabilities using advanced detection and bypass techniques.

This skill provides a comprehensive framework for security professionals and developers to conduct systematic client-side injection audits. It facilitates the discovery and exploitation of stored, reflected, and DOM-based XSS flaws by analyzing input reflection points, identifying dangerous JavaScript sinks, and generating sophisticated proof-of-concept payloads. Beyond simple detection, the skill offers a deep library of filter bypass techniques—including encoding variations and obfuscation—and provides actionable remediation strategies such as Content Security Policy (CSP) configurations to harden web applications against real-world attacks.

主な機能

01Proof-of-concept payload generation for session hijacking and data theft

020 GitHub stars

03Identification of dangerous JavaScript sinks and data sources

04Comprehensive library of filter bypass and encoding techniques

05Detection of stored, reflected, and DOM-based XSS vectors

06Remediation guidance for input sanitization and CSP implementation

ユースケース

01Demonstrating security risks to stakeholders via controlled exploitation examples

02Performing security penetration tests on web application input fields

03Validating the effectiveness of server-side sanitization and output encoding

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill