exploit cross site script vulnerability by injecting key logger or redirecting page javascript

hello friends today we are going to learn how attacker exploit xss (cross site scripting vulnerability) against legitimate users of website redirect page of website to maliciious website or inject key logger or attacker might use to inject commands using BeEF tool lets see them one by one - how attacker redirect a legitimate page index.html is a simple page running on local machine if this page is vulnerable then attacker use this against us now this page is opening properly but lets try to inject script inside page this script is used to inject lets inject script now script is injected lets try to open this page see this page is redirected to a live website this is quite easy to redirect we can provide a download link so it will download a file in users system now see how attacker inject keylogger in a vulnerable page fine lets follow mailicioous code of keylogger is injected now it turn to launch the reader page so using php we launch a reder page this is a code of reader page you can got it from internet or from bio of this video run this reader page if a user comes to our login page lets assume someone visited our page see demo now a attacker can easily guess thankyou for watching this video