Demonstrating XSS Attack on a Custom Web Application

Node.js and XSStrike. Took these logos from the respective websites.

Step 1

Create an index.js file with this code in it. (Also, install Express from here.)

Step 2

Start your web app by running the command below in your command prompt.

node index.js
This is how your page should look. Screenshot by Author.

Step 3

Go to the folder where you have downloaded XSStrike and run the command below. (Install python3 from here if you do not have it.)

python3 xsstrike.py -u "http://localhost:3000/?name=inputField"
Install the XSStrike dependencies from here in case you get errors. Screenshot by Author.

Step 4

Copy any one of the payloads and try it in the URL as shown below.

Try other payloads if one does not work. Screenshot by Author.


  1. Stack Overflow answer on preventing XSS in server-side JavaScript.
  2. OWASP cheat sheet on Node.js security.
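
A common server-side mitigation for the reflected `name` parameter, shown as an added example that is not the author's index.js (that file is not reproduced on this page). It uses plain functions rather than an Express route so it runs without dependencies; the function names, the greeting markup, the header set and the probe string are assumptions constructed for illustration, and only the `name` parameter comes from the Step 3 URL.

```javascript
// Added example, not the article's index.js. Plain functions, no Express needed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and quoted
// attribute values. String() also flattens the arrays/objects that Express's
// req.query can return for inputs like ?name=a&name=b.
// Not sufficient inside <script>, style, or URL attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query value is concatenated into markup unchanged.
function renderUnsafe(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Hardened pattern: same markup, value encoded at the point of output.
function renderSafe(name) {
  return `<h1>Hello ${escapeHtml(name)}</h1>`;
}

// Read ?name= from a full URL (stand-in for req.query.name in a route handler).
function nameFromUrl(url) {
  const value = new URL(url).searchParams.get('name');
  return value === null ? '' : value;
}

// Defense in depth: headers to send with the page. This CSP refuses inline
// scripts and inline event handlers, so a missed encoding step does not execute.
const SECURITY_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  'X-Content-Type-Options': 'nosniff',
};

// Constructed probe value, URL-encoded the way a browser would send it.
const probeUrl = 'http://localhost:3000/?name=' + encodeURIComponent('<script>alert(1)</script>');
const probeName = nameFromUrl(probeUrl);
console.log('unsafe:', renderUnsafe(probeName)); // markup reaches the page intact
console.log('safe:  ', renderSafe(probeName));   // rendered as inert text
console.log('headers:', SECURITY_HEADERS);
```

In an Express route the hardened form is `res.set(SECURITY_HEADERS).send(renderSafe(req.query.name))`; re-running the Step 3 scan against that route is a quick check that the parameter is no longer reflected unencoded.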



Yarala Hruthik Reddy
