Cross-Site Scripting (XSS) Explained

This has truly been a lifesaver. My college professor told us to research this for a paper and gave us no source material whatsoever. Everywhere I look, the explanations are so technically written that it goes right over my head with my limited knowledge. (Usually, if I have to look up 3 terms before I finish the first paragraph, I'm out)
Thank you SOOOOOO much for describing this in detail without weighing it down with an excess of unnecessary jargon and high-level concepts.

Upload more frequently! :)

00:50 SOP, the browser checks, blocks read and write 02:10 JS, access, DOM API, javascript injection technique, 03:21 basic classic example 05:35 reflected 05:54 stored 07:31 DOM XSS

dwangoAC of the custom Twitch chat XSS segment - thanks for including it! We had difficulty classifying it as well, and the realtime nature made it hard to say if it was truly stored XSS or not. The volunteer who wrote it learned valuable lessons that day.

I read so many explanations about XSS recently and yours is by far the best. Keep up the great work !

This lesson was sooooo well done my dude! It was great, lots of specifics but not so complicated that everything flew right over my head. Thank you!

The day has come
I finally got an xkcd reference :)

hey man , good to see you after a long time.. plan some frequent uploads ..

i do not leave comments often but.. my dude holy crap this was great. thank you. much more in depth and easy to understand compared to professor messer. loves the visuals. keep it up

Dude! You vids are amazing. Very technical which is great and your graphical explanations leave no room for guessing! Love it! Keep these going!

This was the first video I saw from you but I have to say, I am really glad I’ve found this channel. Big subscribe and I hope that you will have a successful RUclips carrier

Been struggling to wrap my head around what xss was exactly for a while, and this cleared up a lot of things. Thank you. :)

Incredible video, I have been drinking allot of concepts from a water hose for my CySA+ and XSS for whatever reason was one I really struggled to conceptualize.

What you do for the community is awesome man. Thanks for the game and the great videos

"Lets talk about SOP, so that were all on the same page" nailed it

why this was not recommended to me

The fact that you didn't edit out the differentiation thingy just earned you a subscribe

You are super funny man love how you have a good time while making the explanations. Underated and I wish you well in your future I will be subscribing and supporting!

this is the first video ive watched of yours and I already love how you approach the over acrhing concept!

Bruh! I don't know who you are, but I will find you and hug you! (maybe after covid) Your explanations has been spot on with the perfect amount of words and video. You should teach class at university that way students will actually get what they are supposed to be studying! Hats off to you good sir.

Very helpful I keep learning, understanding, and then forgetting XSS. This time it stuck with me 👍

Hello ! I finally understood XSS ! Thank you man ! You're the best! Keep those videos coming. #subscribed

Your videos are so awesome. You explain stuff in such an easily-digestable manner. Please make more :)

Random tidbit: I had a phone interview with the guy who coined the term "XSS" (allegedly), he was absolutely obnoxious and made sure to let me know he came up with that term every 5 minutes.

Corrections on the same origin policy. You can "write" or "send" regardless of origin but the browser will hold onto any response that is coming from an untrusted origin.
This is the reason CSRF is not prevented by SOP.
This isn't hate mail btw, I love your videos and you helped me a ton in the past.
P.S. glad to see you're back!

yo pwn function, i love your vids, please try to post more. i have watched all ur vids and learned a ton from each which I thought i wouldn't have so ur channel has been an all around big help. I love ur content so maybe just trying to post when u can will be great...

Came here from the deserialization vid. Awesome content, well done. +1 Sub.

I wish I've found this channel way before, great content!❤️

Huge respects bro! You have a great and unique way of teaching

In my view, the biggest fundamental flaw of the same origin policy is the fact that it is purely a client side implementation.
Case and point: fork Chrome, turn the flag off you have a CORS-less browser. Why you'd want that when it would be a detriment to your own good is another question. But you can do it. You don't even need to change the code. As far as I know, there still exists a flag you can pass when launching Chrome (and other browsers) to turn it off.
And now we have "Local Overrides" in Chrome's dev tools. This is a wonderful tool that has helped me debug a number of issues in production, but it also is a wonderful asset to performing XSS attacks on sites you shouldn't have authority over.
It's also possible to manipulate the perception of who you're communicating with by modifying your local hosts file. Add break points to another site's scripts, pause execution at important points, retarget your domain to a local server you're serving assets from, revert hosts file, resume execution as desired.
I'm sure there's a number of brighter people than me here who have even better examples of how easy it is to circumvent the minimal protection that is there, so it leaves me wondering why we have an entire ecosystem of technology built around such shaky ground.
It seems to me that we should have implemented better security mechanisms for these sort of things in the actual protocol level. In the same way in which we introduced websockets by "upgrading" connections, it feels like more should be done in this area to mitigate the weak protection client-side CORS policies provide.

Happy to see u back I missed u

thank you so much, a lot of websites and forums just say like: blah blah if you write blah blah blah in blah you will get blah blah blah. but now i get how it works

Realy a great content that you made~ I really like it & thank you for creating this.
I hope you'll make another content more frequent~

that 'same page' joke is what got you a thumbs up.

Dude your video editing skills are next level. Keep up the good work!

One of the best explanation for XSS. Thank you very much for this video and also for learning resource.

Liked and subscribed! Thank you so much! This was really really well done and explained!
Edit: Was I subscriber nr 14.000?!

Absolutely loved this video! The intro video, your style of talking, those amazing blue and pink (I guess they are called pastel colors?) colors. It was really fun to watch this video and get a general knowledge about XSS. Keep this us, buddy! Definitely sub from me!

Great explanation. And that video of the streamer 100% go watch it everyone!! I am so thankful you put that link there for us, haven seen such an amazing video for a while xD

Samy worm reference caught! Great video btw, very clear and useful

This should be at the top of my youtube search! I keep seeing random half assed videos on XSS.
But this kinda gold is down the list for some reason.

I love your video making style, it makes it fun to look at

Waiting for next video! You're making top content!

Top Notch explanation of a difficult topic. Loved the graphics and animation. Barvo!!

First time watching ur vid. Love the icon!

Samy is my hero....the classic myspace prank... loved the reference

Can't believe more people haven't seen this, very well explained and at a very good pace.

Thank you very much sir! you cleared all my doubts :) . Your way of presentation of topics is really really good! :D

It's a perfect video! I finally understand everything. Thank you so much!!!!
By the way, the video fragment was so funny))

You are good at explaining.
If all your videos are going to be like this, consider you have a new subscriber .

Please make more videos on different Web Vulnerability types , And maybe some more demos on them .
Love your channel ❤️

Thanks brooo. A little late onto security. But it was a great learning experience 🥳💐

This was amazing! Thanks for the upload, currently exploring your channel :)

Yo, I can confirm this vidoe is better than a QS top 100 uni lecture video, sorry professor :)

Thank you for your work! Amazing explanation!

FINALLY! a great video on XSS! Thank you!

Simple, entertaining, and engaging. Subbed. Teach me more. -Cyber Security student

I actually subscribe after the first few animations. Clean tutorial.

Excellent videos, amazing production value

Imagine they would have named it CSS (ross ite cripting)

This was so well done. By the way, what software do you use to do the drawing on your videos?

Dude you're awesome 👌
Your explanation and example is exactly what I was looking to properly understand
Thanks.
Do you have a video on XSRF also???

keep up the good work, very nice animation and super clear explanation thank you

Also, we should preferably use innerText attribute to put content inside a html element

Dude your content is awesome omg! I guess what finally made me click was you saying that the name XSS is probably not the best one (stopped focusing on the name to realize it's just an injection technique :)

a webpage to practice xss with examples? i think i love you

You have made my life easier. Thanks

my mind are blowing up. when seen the beginning of your video that mention my name. 😓😓😓

hahaha love the "Samy is my Hero!" blip thrown in there

GREAT video man, keep the content!

Amazing explanation of XSS. Kudos mate

Lil Bobby tabels you forged his name to Bobby script!! Xoxo love from India... keep up the good work cheers

Welcome mate , Please more videos

bro you just taught me what I wanted.
big fan 😊❤

Awesome explanation man! Hats off! 👌

Thank you for getting us all on the same page ;)

Thank you for building that website!
And for this video

"bobby tables" this brought back some memories

Awesome content! Keep doing it!

What happen to you man!
Many of them are waiting for your video
You are such a awesome youtuber i saw earlier
im still waiting for the next video
When i saw your video at first time i didnt understand that much .then i watch many times and understand the concept of the vulnerability
i hope you upload your next video on november
You are literaly awesome
regards,surya

hey man please make videos more frequenty and put here for us to learn. I love your work man!!

God exists, ladies and gentlemen and his youtube channel's name is PwnFunction

this guy has the coolest intro

Good quality content and thanks for explaining XSS

Pretty cool explainer video on XSS!

Love the graphics and explanation 👌

wow what a great video. I hope you will do a lot more videos like this!

I'll learn how to do security. Thanks for showing it to me!

Helped me SO MUCH! thx!

I hope everyone is wearing their hoodies while watching this

Preeety cool video, thankyou!

Thank you, that was a very clear explanation.

Amazing video. Keep them coming

Here before this channel blows up

Nicee my hero

u are great dude, happy i found u out

best explanation on the internet!!

Instantly subscribed

This is a really great video tutorial. Thank you.

Great video man. Btw, how do you do these animations? IPad recodings?