Environment introduction
Physical machine: win10+wireshark
target machine: win7+phpstudy+DVWA
Means of attack
Enter in the input box. <script>alert(/一个嚣张的XSS/)</script>
While typing, do wireshark capture packets and filter data
Write rules
alert tcp any any -> any any (msg:"DVWA-XSS_r漏洞攻击"; flow:to_server,established; uricontent:"DVWA-master/vulnerabilities/xss_r"; fast_pattern:only; uricontent:"name="; nocase; pcre:"/name[\s=]+?.+?(%3c|\x3c|<).+?(%3E|\x3E|>)/iU"; metadata:service http; sid:3; rev:1;)
analysis
Enter in the terminal (powershell)
snort -de -c C:\Snort\etc\snort.conf -l C:\Snort\log -r C:\dvwa抓包\xssr.pcapng