pentest-client-advanced

Advanced client-side attacks — CORS misconfiguration, WebSocket security, clickjacking, postMessage abuse, CSS injection, and browser storage vulnerabilities.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "pentest-client-advanced" with this command: npx skills add jd-opensource/joysafeter/jd-opensource-joysafeter-pentest-client-advanced

Pentest Client Advanced

Purpose

Test advanced client-side attack surfaces beyond XSS. Six WSTG-CLNT items remain unchecked in Shannon's pipeline — these are distinct attack classes requiring different methodology than taint analysis.

Prerequisites

Authorization Requirements

  • Written authorization with client-side testing scope
  • Test domains for hosting PoC HTML pages (attacker-controlled origin)
  • Browser testing environment with DevTools access
  • Target user simulation — ability to test cross-origin interactions

Environment Setup

  • Modern browser with DevTools (Chrome/Firefox)
  • Burp Suite for intercepting WebSocket and cross-origin traffic
  • Local HTTP server for hosting PoC pages (python -m http.server)
  • Playwright for automated browser-based attack verification

Core Workflow

  1. CORS Misconfiguration: Test reflected Origin in ACAO header, null origin bypass, subdomain wildcard abuse, credential leakage via cross-origin requests (WSTG-CLNT-07).
  2. WebSocket Security: Missing auth on WS upgrade, CSWSH (Cross-Site WebSocket Hijacking), injection through WS messages, missing origin validation (WSTG-CLNT-10).
  3. Clickjacking: Missing X-Frame-Options / CSP frame-ancestors, UI redressing, drag-and-drop hijacking, multi-step clickjacking chains (WSTG-CLNT-09).
  4. postMessage Abuse: Missing origin validation in message handlers, DOM manipulation via cross-origin messages, prototype pollution through postMessage (WSTG-CLNT-11).
  5. CSS Injection: Data exfiltration via CSS attribute selectors + background-image, CSS-based keylogging, style injection for UI manipulation (WSTG-CLNT-05).
  6. Client-Side Storage: Sensitive data in localStorage/sessionStorage, IndexedDB exposure, service worker cache poisoning (WSTG-CLNT-06).
  7. PoC Construction: Build HTML pages demonstrating each attack with real impact.
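A worked illustration of the CORS checks in step 1, added here and not part of the skill or its reference files: two constructed stand-in policies (a weak substring match that also trusts the literal null origin, and an exact allowlist) are probed with the origin variants named above and each response is classified. All hostnames are constructed placeholders.

```javascript
// Added example, not from the skill: probe a CORS policy with the origin variants
// from step 1. Both "server" functions are constructed stand-ins; hosts are placeholders.
const TRUSTED = new Set(["https://app.target.example", "https://admin.target.example"]);

// Weak policy: substring match on the trusted domain plus blanket trust of the
// literal "null" origin, with credentials. Both are common misconfigurations.
function weakCorsHeaders(origin) {
  if (origin === "null" || origin.includes("target.example")) {
    return { "access-control-allow-origin": origin, "access-control-allow-credentials": "true" };
  }
  return {};
}

// Hardened policy: exact allowlist match only, never "null", and Vary: Origin
// so shared caches do not serve one origin's ACAO header to another.
function strictCorsHeaders(origin) {
  if (TRUSTED.has(origin)) {
    return { "access-control-allow-origin": origin, "access-control-allow-credentials": "true", vary: "Origin" };
  }
  return {};
}

// Classify one response; null means the probe origin was not granted access.
function classify(origin, headers) {
  const acao = headers["access-control-allow-origin"];
  const creds = headers["access-control-allow-credentials"] === "true";
  if (acao === undefined) return null;
  if (acao === "*") return creds ? "wildcard-with-credentials" : "public-wildcard"; // browsers reject the former
  if (acao === "null") return "null-origin-trusted"; // sandboxed iframes send Origin: null
  if (acao === origin && !TRUSTED.has(origin)) {
    return creds ? "reflected-origin-with-credentials" : "reflected-origin";
  }
  return "allowlisted";
}

// Probe set: an unrelated origin, the null origin, and two substring/suffix
// confusion variants that a loose domain check accepts.
const PROBES = ["https://evil.example", "null", "https://target.example.evil.example", "https://eviltarget.example"];

// Run every probe against a policy and return only the origins that were granted access.
function probe(policy) {
  const findings = {};
  for (const origin of PROBES) {
    const verdict = classify(origin, policy(origin));
    if (verdict !== null) findings[origin] = verdict;
  }
  return findings;
}
```

Against the weak policy the probe reports the null origin and both confusion variants as granted with credentials; the hardened policy grants none of them while still allowlisting the real application origin.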

WSTG Coverage

WSTG ID        Test Name                           Status
WSTG-CLNT-05   CSS Injection
WSTG-CLNT-06   Client-Side Resource Manipulation
WSTG-CLNT-07   Cross-Origin Resource Sharing
WSTG-CLNT-09   Clickjacking
WSTG-CLNT-10   WebSocket Testing
WSTG-CLNT-11   Web Messaging

Tool Categories

Category             Tools                                   Purpose
CORS Testing         CORScanner, curl, custom PoC pages      CORS misconfiguration detection
WebSocket            websocket-client (Python), Burp WS      WebSocket hijacking and injection
Clickjacking         custom HTML iframes, Playwright         UI redressing PoC construction
Browser Automation   Playwright, Puppeteer                   Automated client-side attack verification
Storage Analysis     Browser DevTools, custom JS             localStorage/IndexedDB inspection

References

  • references/tools.md - Tool function signatures and parameters
  • references/workflows.md - Attack pattern definitions and test vectors

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

  • pentest-ai-llm-security (Security; Repository Source, Needs Review) - No summary provided by upstream source.
  • pentest-mobile-app (General; Repository Source, Needs Review) - No summary provided by upstream source.
  • pentest-osint-recon (General; Repository Source, Needs Review) - No summary provided by upstream source.