Self-XSS (Cross Site Scripting) Social Engineering Attacks and Prevention

  Today,  i am going to explain about the Self-XSS(Cross Site Scripting) Attack

What is Self-XSS?

Self-XSS is one of the popular Social Engineering Attack used by Attackers to trick users into paste the malicious code in browsers.  Results in attacker accessing to the whatever website you visit. Usually scammers use this attack for tricking users to buy Products or get money through online survey .

Recently, Hackers Attacked Facebook with explicit hardcore porn images. Facebook says it might be self-Xss Attack .

Javascript can be executed in browser url bar.
For example , enter the following code in your browser:

javascript:alert('BreakTheSecurity');

This will show a pop up box with "BreakTheSecurity".  An attacker can use this for malicious purpose. He can steal Confidential data, cookies, redirect to malware sites and more.
For Eg:
Entering the following code will display the cookies in your browser:

javascript:alert("Cookies:"+document.cookies+"  "+"\n By \n BreakTheSecurity");

The above code is not going to anything maliciously other than displaying the cookies.  But an attacker can extend the script so that it can take advantage your data.

Security Tips from BreakTheSecurity:

• Use NoScript add on that will prevent javascript running in your browser.
• Don't click the shorthand urls for Example: bit.ly/55ewEb?22.  This may redirect to an infected sites. 

Aware of Social Engineering:

• If anyone ask you(even if he is your friend) to paste the scripts in browser bar, Never do this mistake.  
• If anyone says "Iphone only $10", Don't eager to click it. 
• If anyone says "1000 shares will cure a baby", Never do this mistake. Facebook shares never help to get money or help to cure baby.
• Read our EHN spam report to know the latest updates about the facebook scams.

 Note : If you have any doubt than please comment below.
this is guide only for Knowledge

Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.