Can this skill help bypass Web Application Firewalls (WAFs)?

It provides several advanced techniques such as character encoding, tag splitting, and null byte injection to help testers evaluate the effectiveness of their WAF filters.

Which programming languages are covered for remediation?

The skill provides specific code examples and best practices for preventing injection in PHP, Python (specifically Jinja2/Flask), and JavaScript environments.

What is the primary difference between HTML injection and XSS?

HTML injection focus on rendering unauthorized HTML tags to modify page appearance or create fake forms, whereas XSS (Cross-Site Scripting) involves executing malicious JavaScript code in the victim's browser.

Does this skill support automated security testing?

Yes, it includes workflows for using industry-standard tools like Burp Suite and OWASP ZAP, as well as custom Python scripts for automated fuzzing of injection points.

HTML Injection Security Tester

Name: HTML Injection Security Tester
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Identifies and tests HTML injection vulnerabilities to secure web applications against unauthorized content manipulation and phishing risks.

About

The HTML Injection Testing skill is a comprehensive toolkit for developers and security researchers designed to find, exploit, and remediate content injection vulnerabilities. It provides a structured methodology for mapping application surfaces, executing diverse testing payloads—from basic formatting to complex phishing overlays—and bypassing common security filters. Beyond discovery, the skill offers specific, actionable remediation guidance for PHP, Python, and JavaScript, ensuring that developers can implement robust defenses like context-aware output encoding and input validation to protect their users.

Key Features

0 GitHub stars
Methodologies for creating proof-of-concept phishing forms and site defacements.
Comprehensive payload library for stored, reflected, and URL-based HTML injection.
Step-by-step guides for integrating Burp Suite and OWASP ZAP into the testing workflow.
Language-specific remediation patterns for PHP, Python Flask, and modern JavaScript.
Advanced bypass techniques for evading basic input filters and encoding restrictions.

Use Cases

Validating secure coding practices by testing input sanitization and output encoding logic.
Conducting security audits on web forms, search parameters, and user profile fields.
Generating impact assessments by demonstrating how malicious HTML can alter site appearance.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub