XSS Attack Test

  1. Open a terminal emulator and log in to the APP node

  2. On the APP node, change the working directory to /home/ubuntu/arcadia

    $ cd /home/ubuntu/arcadia
    

    and then deploy the vs-2.yaml file

    $ kubectl apply -f vs-2.yaml
    
  3. Open another terminal emulator, log in to the APP node, then monitor the syslog output

    $ ssh app
    
    $ podname=`kubectl get pods | awk '/^syslog/{print $1}'`; kubectl exec -it $podname -- tail -f /var/log/messages
    
  4. In the Firefox browser, open the http://app.arcadia.com/ page, then click the Login button

    _images/test-a1.png

    You can see the request log start to scroll in the second terminal

  5. Attempt the attack by typing <script> in the Username input, then click the Log me in button

    _images/test-a2.png
  6. The Rejected Request page is displayed in the browser

    _images/test-a3.png

    then find the log entry that matches the support ID shown on that page

    _images/test-a4.png
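
The lookup in step 6, as an added example that is not part of the original lab guide: a shell function that takes the support ID from the Rejected Request page and summarizes the matching syslog entry. It assumes log entries are comma-separated key="value" pairs that include a support_id field (the page does not show the log format); the function names and sample lines are constructed for illustration.

```shell
# Added example, not from the lab guide.
# Assumption: each log entry is a line of comma-separated key="value" pairs
# that includes support_id="<digits>". Adjust field names to your log profile.

# Constructed sample lines standing in for /var/log/messages in the syslog pod.
sample_log() {
cat <<'EOF'
Jan 01 00:00:01 syslog app: attack_type="Cross Site Scripting (XSS)",request_status="blocked",support_id="1234567890123",violations="Attack signature detected"
Jan 01 00:00:02 syslog app: attack_type="N/A",request_status="passed",support_id="12345678901234",violations="N/A"
EOF
}

# summarize_by_support_id ID   (log lines are read from stdin)
# Returns 0 and prints selected fields, 1 if no entry matches, 2 on a bad ID.
summarize_by_support_id() {
    id=$1
    # Accept digits only, so the value is never treated as a pattern.
    case $id in
        ''|*[!0-9]*) echo "support ID must be digits only" >&2; return 2 ;;
    esac
    # Fixed-string match on the whole quoted field: 123 must not match 1234.
    matches=$(grep -F "support_id=\"$id\"") || {
        echo "no log entry for support ID $id" >&2
        return 1
    }
    printf '%s\n' "$matches" | while IFS= read -r line; do
        for key in request_status attack_type violations; do
            # Prefix a comma so a key at the start of the line is also found;
            # print "-" when the field is absent from the entry.
            val=$(printf ',%s\n' "$line" |
                  sed -n "s/.*[ ,]$key=\"\([^\"]*\)\".*/\1/p")
            printf '%s=%s\n' "$key" "${val:--}"
        done
    done
}

# In the lab, feed it the real log instead of the sample, for example:
#   kubectl exec $podname -- cat /var/log/messages | summarize_by_support_id <ID>
```
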