Page 79 - Hands-On Bug Hunting for Penetration Testers
Unsanitized Data – An XSS Case Study Chapter 4
We want to add that grep phrase into the Grep - Match section in the Options tab so that,
when we're viewing our attack results, we can see a checkbox indicating whether our
phrase turned up in an attack response:
Once that phrase has been added, we're ready to start our attack. Click the start attack
button in the top-right of the Options (and every other) view.
After clicking the button, you should see an attack window pop up and start to
self-populate with the results of the XSS snippet submissions: