- Cross-Site Scripting attack
- XSS worm and self-propagation
- Session cookies
- HTTP GET and POST requests
- JavaScript and Ajax
Note: Since May 5 2019, the Firefox Add-on “HTTP Header Live” has been disabled by Firefox. Mozilla verifies and signs add-ons that follow a set of security guidelines. The version of HTTP Header Live (v 0.6 – Last Updated April 9, 2018) installed on the VM does not comply with this security guideline, so it was automatically disabled. The issue can be easily resolved by installing the latest version of HTTP Header Live.
Video to help:
https://www.youtube.com/watch?v=sFSq6dsDGzA&feature=youtu.be