proxy

Web Proxies

===========
Tip: common to Burp Suite, mitmproxy, and proxify

When a DVWA instance is running on the local machine and accessed at 127.0.0.1:PORT, a local proxy cannot intercept the HTTP requests correctly. After a series of trial and error, the solution found was to access the instance by name, like this:

add a line to the hosts file:
    127.0.0.1 DVWA
visit DVWA:PORT instead of 127.0.0.1:PORT
=================

mitmproxy install

KALI: mitmproxy is already installed on Kali.

DVWA Walkthrough

DVWA Walkthrough (Low level)

Low: XSS (DOM)

Vulnerability URL: http://127.0.0.1:42001/vulnerabilities/xss_d/

How to test: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.html

Observation 1

Pick any language from the dropdown list, then press the Select button. If the selected language is “English”, the address changes to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=English

Modify the address to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=Assyrian, and Assyrian will appear in the dropdown list.

page source

    <div class="vulnerable_code_area">
    <p>Please choose a language:</p>
    <form name="XSS" method="GET">
    <select name="default">
    <script>
    if (document.