echo ' <style>
    
    /* 新增动画库 */
.animate__animated {
  animation-duration: 0.5s;
}

/* 文章阅读量标签 */
.view-count {
  font-size: 12px;
  color: #666;
  margin-left: 8px;
  display: inline-flex;
  align-items: center;
}

.view-count .iconfont {
  font-size: 14px;
  margin-right: 4px;
} ';
    
</style><!doctype html>
<html lang="zh-cn">

<head>
    <!--51la统计-->
    <script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
    <script>LA.init({id:"3LaTBMpUHsIFZ3HE",ck:"3LaTBMpUHsIFZ3HE",autoTrack:true})</script>
    <!--51la统计-->
    <!--google统计-->
    <meta name="google-site-verification" content="vS2DgnujD7_Y0ge4oe6-MEZ7euUyZZ05Rx7SUTifWuc" />
    <!--google统计-->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <title>xss - Cesii Blog</title>
  <meta name="keywords" content="Cesii,博客,测试,性能测试,安全测试,接口测试,编程" />
  <meta name="description" content="Deep testing" />
  <link rel="shortcut icon" href="https://cesii.cn/content/templates/monie_jj/favicon.ico" type="image/x-icon">
  <link rel="alternate" title="RSS" href="https://cesii.cn/rss.php" type="application/rss+xml" />
  <link rel="stylesheet" href="//at.alicdn.com/t/c/font_4757084_yuqwbv4rpeg.css">
  
<link rel="stylesheet" href="https://cesii.cn/content/templates/monie_jj/dist/styles/main.074ac5d4.css">

  
  <!-- 统一了分类url和内容url -->
  </head>

<body>

  <header id="header" class="header">
    <div class="header_container">
      <div class="header_content">
        <div class="header_left">
          <a class="header_left_logo" href="https://cesii.cn/" target="_self" title="Deep testing">
            <img class="header_left_logo_pc" src="https://cesii.cn/content/uploadfile/202501/c89d1737138678.png" alt="https://cesii.cn/" loading="lazy">
            <img class="header_left_logo_mobile" src="https://cesii.cn/content/uploadfile/202501/c89d1737138848.png" alt="https://cesii.cn/" loading="lazy">
          </a>

          <nav class="header_left_nav">
            <div class="header_left_nav_mobile_menu_wrap">
              <div class="header_left_nav_mobile_menu"></div>
            </div>
            <ul class="header_nav_list">
                  
            </ul>
          </nav>
        </div>
        <div class="header_right">
          <div class="header_search_icon_wrap">
            <div class="header_search_icon" title="搜索">
              <i class="iconfont icon-sousuo"></i>
            </div>
          </div>
          <div class="header_search_wrap">
            <form class="header_search_form" action="/?keyword">
              <input id="header_search_input" class="header_search_input" type="text" name="keyword" placeholder="输入关键字搜索" autocomplete="off">
              <label for="header_search_input" class="header_search_btn" tabindex="0">
                <i class="iconfont icon-sousuo"></i>
              </label>
              <div class="search_history">
                <div class="search_history_head">
                  <span class="search-history-head-title">搜索历史</span>
                  <span class="search_history_clear_btn">清空</span>
                </div>
                <div class="search_history_list"></div>
              </div>
            </form>
<!--
            <a class="header_article_btn login" href="/admin/article.php?action=write" title="写文章">写文章</a>
          </div>
                      <button class="header-login-btn">登录</button>
                  </div>
      </div>
    </div>
  </header>

  <div class="mobile-search">
    <div class="mobile-search-mask"></div>
    <div class="mobile-search-content">
      <div class="mobile-search-close">
        <i class="iconfont icon-guanbi"></i>
      </div>
      <div class="mobile-search-body"></div>
    </div>
  </div>
  <nav class="nav">
        <div class="nav-container">
        <div class="nav-content">
            <div class="nav-list">
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/hostvlun">主机漏洞</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/python">Python</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/web-safe">web漏洞</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/web-service">Web服务</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/linux">Linux</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/jmeter">Jmeter</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/LoadRunner">LoadRunner</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/kali-Linux">Kali Linux</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/burpsuite">Burpsuite</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/docker">Docker</a>
                                            </div>
                            </div>
        </div>
    </div>
    <div class="nav-secondary-warp"></div>
  </nav>

  <!-- 其他页面内容 

  <script src="//cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js"></script>
   -->
  <script>
    lazyload();
  </script>
 
</body>

</html>
<div class="main" role="main">
  <div class="container">
    <div class="main-content home-content">
      <div class="main-left">
        <div>
                  </div>
        <nav class="article-nav">
          <div class="article-nav-content">
            <a class="article-nav-item" href="javascript:;" target="_self" title="推荐">推荐</a>
            <a class="article-nav-item" href="javascript:;" target="_self" title="最新">最新</a>
            <span class="article-nav-line"></span>
          </div>
        </nav>
        <div class="article-skeleton">
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
        </div>

        <div class="article-card-wrap hidden">
                                    <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/44.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/44.html" itemprop="url">利用XSS平台获取cookie实现免登录</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2021-9-10" itemprop="datePublished">2021-9-10</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">利用XSS平台获取cookie实现免登录</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      本次采用的XSS平台为清华大学开源出来的blue-lotus（蓝莲花） Js文件创建 首先在xss平台中创建需要获取cookie信息的js文件，模板选择default.js 更改地址 更改js文件中的地址为自己xss平台的ip地址（原理：通过访问js文件获取网站的cookie信息后输出到xss平台） 生成payload 点击生成payload后，可以看到pa...                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>192</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/44.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E"  title='标签' >web漏洞</a><a class="article-card-tag" href="https://cesii.cn/tag/xss"  title='标签' >xss</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://tse4-mm.cn.bing.net/th/id/OIP-C.Po2CWz0NeeB60zIW1_h07wHaDt?rs=1&pid=ImgDetMain" alt="利用XSS平台获取cookie实现免登录" loading="lazy">
                    </div>
                                  </div>
              </article>
                              </div>

        <div class="comment-pagination">
          <ol class="page-navigator">
                      </ol>
        </div>
      </div>

      <div class="main-right">
        <div class="column-small side-bar">
        <div class="aside_container article immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-huore"></i>
            热门文章        </h3>
        <div class="article_list">
            <ul class="list">
                                    <li class="item">
                        <span class="type_index">1</span>
                        <a class="link" href="https://cesii.cn/LoadRunner/24.html">
                            Loadrunner 12录制脚本时报错：The recorded script contains no steps                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">2</span>
                        <a class="link" href="https://cesii.cn/61.html">
                            组合拳：Fiddler+Postman+AppScan，搞定C/S端软件漏洞扫描                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">3</span>
                        <a class="link" href="https://cesii.cn/LoadRunner/3.html">
                            墙烈推荐的快速获取测试脚本方式：Fiddler抓包工具+LoadRunner12                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">4</span>
                        <a class="link" href="https://cesii.cn/linux/16.html">
                            Linux命令之grep日志查询                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">5</span>
                        <a class="link" href="https://cesii.cn/python/7.html">
                            Minio云存储平台文件上传python脚本示例                        </a>
                    </li>
                            </ul>
        </div>
    </div>
    <div class="aside_container tags immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-tag"></i>
            标签        </h3>
        <div class=" tags_list">
            <ul class="aside_list">
                                    <li class="link"><a href="https://cesii.cn/tag/kali" title="1 篇文章">kali</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nmap" title="1 篇文章">nmap</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D" title="1 篇文章">永恒之蓝</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/chatgpt" title="1 篇文章">chatgpt</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nmon" title="1 篇文章">nmon</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/.net" title="1 篇文章">.net</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/dvwa" title="2 篇文章">dvwa</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/windows" title="4 篇文章">windows</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/JpetStore" title="1 篇文章">JpetStore</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/curl" title="1 篇文章">curl</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/metasploit" title="1 篇文章">metasploit</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/hydra" title="1 篇文章">hydra</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/checkmarx" title="1 篇文章">checkmarx</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/LOIC" title="1 篇文章">LOIC</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/fiddler" title="1 篇文章">fiddler</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E9%98%B2%E7%81%AB%E5%A2%99" title="1 篇文章">防火墙</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E7%8E%AF%E5%A2%83%E5%8F%98%E9%87%8F" title="4 篇文章">环境变量</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jython" title="1 篇文章">jython</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/mysql" title="3 篇文章">mysql</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jdk" title="1 篇文章">jdk</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/docker" title="4 篇文章">docker</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/tomcat" title="4 篇文章">tomcat</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/xss" title="1 篇文章">xss</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/XSS%E5%B9%B3%E5%8F%B0" title="2 篇文章">XSS平台</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E8%99%9A%E6%8B%9F%E6%9C%BA" title="1 篇文章">虚拟机</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/loadrunner%E9%94%99%E8%AF%AF" title="8 篇文章">loadrunner错误</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/cwe%E6%BC%8F%E6%B4%9E" title="2 篇文章">cwe漏洞</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/ip" title="1 篇文章">ip</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/scp" title="1 篇文章">scp</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/rad" title="1 篇文章">rad</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E" title="5 篇文章">web漏洞</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/beef+xss" title="1 篇文章">beef xss</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nginx" title="2 篇文章">nginx</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/ssh" title="2 篇文章">ssh</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/airmon-ng" title="1 篇文章">airmon-ng</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/wifi" title="1 篇文章">wifi</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/kali+linux" title="10 篇文章">kali linux</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/websocket" title="1 篇文章">websocket</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/sqlmap" title="4 篇文章">sqlmap</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/sql%E6%B3%A8%E5%85%A5" title="2 篇文章">sql注入</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nodejs" title="2 篇文章">nodejs</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/tcp" title="2 篇文章">tcp</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/linux" title="19 篇文章">linux</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/burpsuite" title="2 篇文章">burpsuite</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jmeter" title="10 篇文章">jmeter</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E7%BD%91%E7%BB%9C%E4%BB%A3%E7%90%86" title="1 篇文章">网络代理</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/mqtt" title="1 篇文章">mqtt</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/python" title="3 篇文章">python</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/loadrunner" title="10 篇文章">loadrunner</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nessus" title="3 篇文章">nessus</a></li>
                            </ul>
        </div>
    </div>

    <div class="aside_container comments immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-pinglun"></i>
            最新评论        </h3>

        <div class="comments_list">
            <ul class="list">
                                    <li class="item">
                        <div class="user">

                            <div class="avatar yublog_user_avatar">
                                <img class="" src="//cravatar.cn/avatar/043de90c01bdec0971d73ce90843ab60?s=120" alt="hisir用户头像">
                            </div>
                            <div class="info">
                                <div class=""> hisir </div>
                                <span class="date">
                                    5 个月前                                </span>
                            </div>
                        </div>
                        <div class="reply">
                            <a class="link aside-reply-content" href="https://cesii.cn/110.html#33">
                                666                            </a>

                        </div>
                    </li>
                
            </ul>
        </div>
    </div>

</div>
      </div>
    </div>
  </div>
</div>

<style>
  /* 全局样式 */
  body {
    font-family: 'PingFang SC', 'Helvetica Neue', Arial, sans-serif;
    background: #f5f7fa;
    color: #333;
  }

  /* 卡片样式 */
  .article-card {
    background: #fff;
    border-radius: 12px;
    box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
    transition: transform 0.3s ease, box-shadow 0.3s ease;
    margin-bottom: 6px;
    padding: 10px;
  }

  .article-card:hover {
    transform: translateY(-5px);
    box-shadow: 0 8px 12px rgba(0, 0, 0, 0.2);
  }

  /* 标题样式 */
  .article-card-title {
    margin-bottom: 5px;
  }

  /* 描述样式 */
  .article-card-desc {
    font-size: 1rem;
    color: #666;
    line-height: 1.6;
  }

  /* 底部样式 */
  .article-card-footer {
    display: flex;
    justify-content: space-between;
    align-items: center;
  }

  .article-card-footer-item {
    align-items: center;
    color: #666;
    margin-right: 15px;
  }

  .article-card-footer-item-icon {
    margin-right: 5px;
  }

  /* 分页样式 */
  .page-navigator {
    display: flex;
    justify-content: center;
    list-style: none;
    padding: 0;
  }

  .page-navigator li {
    margin: 0 5px;
  }

  .page-navigator a {
    border-radius: 5px;
    background: #f0f0f0;
    color: #333;
    text-decoration: none;
    transition: background 0.3s ease;
  }

  .page-navigator a:hover {
    background: #ddd;
  }
</style>

<script src="/content/templates/monie_jj/static/scripts/lazysizes.min.js"></script>
<script>
  // 图片懒加载
  document.addEventListener('DOMContentLoaded', function () {
    lazysizes.init();
  });
</script>


<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/main-manifest.ee83ce5a.js"></script>

<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/vendors.3a08bf66.js"></script>

<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/main.25ce9318.js"></script>


<footer class="footer">
  <!--Waves Container-->
  <div>
    <svg class="waves" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
      viewBox="0 24 150 28" preserveAspectRatio="none" shape-rendering="auto">
      <defs>
        <path id="gentle-wave" d="M-160 44c30 0 58-18 88-18s 58 18 88 18 58-18 88-18 58 18 88 18 v44h-352z" />
      </defs>
      <g class="parallax">
        <use xlink:href="#gentle-wave" x="48" y="0" fill="rgba(255,255,255,0.7" />
        <use xlink:href="#gentle-wave" x="48" y="3" fill="rgba(255,255,255,0.5)" />
        <use xlink:href="#gentle-wave" x="48" y="5" fill="rgba(255,255,255,0.3)" />
        <use xlink:href="#gentle-wave" x="48" y="7" fill="#fff" />
      </g>
    </svg>
  </div>
  <!--Waves end-->

  </div>
  <!--Header ends-->

  <!--Content starts-->
  <div class="footer-content content flex">
    <div class="footer_info">
        <!--
      <div class="footer-item">
        <a href="/about.html" target="_self" title="关于">关于</a>
        <a href="/links.html" target="_self" title="友链">友链</a>
        <a href="/rss.php" target="_blank" title="rss">rss</a>
      </div>
      -->
      <a href="https://cesii.cn/" title="cesii.cn"> Cesii ©2015 -2025<img src="https://cesii.cn/content/uploadfile/202501/e24a1737559607.png" title="戴眼镜的毛毛虫，来自90后时期的像素风，毛毛虫来自于测试，测试会产生bug，bug就是毛毛虫，毛毛虫因为近视眼要戴眼镜。">  
<a href="https://www.fujieace.com" title="付杰博客"><img src="https://cesii.cn/content/uploadfile/202409/91741725171975.png"><a> <a href="https://www.foreverblog.cn" target="_blank">  <img src="https://img.foreverblog.cn/logo_en_default.png" alt="" style="width:auto;height:16px;" title="十年之约" data-lazy-src="https://img.foreverblog.cn/logo_en_default.png" data-ll-status="loaded" class="entered lazyloaded"><noscript><img src="https://img.foreverblog.cn/logo_en_default.png" alt="" style="width:auto;height:16px;"title="十年之约"></noscript>    <a href="https://www.foreverblog.cn/go.html" target="_blank"> <img src="https://img.foreverblog.cn/wormhole_3_tp.gif" alt="" style="width:auto;height:32px;" title="穿梭虫洞-随机访问十年之约友链博客" data-lazy-src="https://img.foreverblog.cn/wormhole_3_tp.gif" data-ll-status="loaded" class="entered lazyloaded"><noscript><img src="https://img.foreverblog.cn/wormhole_3_tp.gif" alt="" style="width:auto;height:32px;" title="穿梭虫洞-随机访问十年之约友链博客"></noscript></a><a href="https://www.emlog.net/?ic=qpiFnC8e" target="_blank"><img src="https://cesii.cn/content/uploadfile/202502/d4fe1740036847.png" title="emlog驱动"></a>  <a target="_blank" title="51la网站统计" href="https://v6.51.la/land/3LaTBMpUHsIFZ3HE"><img src="https://sdk.51.la/icon/1-1.png"></a>
</a></a>
    </div>
    <p> 备案号: <a href="https://beian.miit.gov.cn/" title="京ICP备18022519号">京ICP备18022519号</a> </p>

      </div>
  <!--Content ends-->
</footer>