4.2.11. Persistence

4.2.11.1. Storage Based

Websites sometimes store information in cookies or localStorage. Because this data is written by the site itself, it is often trusted: in many cases the values read back from cookies or localStorage are not filtered and are inserted directly into the page, or even stored again. When the stored data is in JSON format, some sites even load it with calls such as eval(data). Therefore, once an XSS exists, a payload can be written into this storage and will be triggered whenever the corresponding condition is met.

Under some conditions this exploit may run into problems with special characters, which String.fromCharCode can be used to bypass.
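The eval(data) pattern described above, shown beside a hardened version, as an added example that is not part of the original page. `makeStore` is a constructed in-memory stand-in for window.localStorage so the code runs offline, and the preference keys `theme` and `fontSize` are assumed for illustration.

```javascript
// Vulnerable pattern: the stored string is treated as code. Anything written
// into storage by an earlier XSS executes again on every page load.
function loadPrefsUnsafe(store) {
  const raw = store.getItem('prefs') || '({})';
  return eval(raw); // the defect: data from storage is evaluated as JavaScript
}

// Hardened pattern: parse as data only, then validate shape and types so that
// unexpected keys or values never reach rendering or further code.
const ALLOWED_THEMES = new Set(['light', 'dark']);
const DEFAULT_PREFS = { theme: 'light', fontSize: 14 };

function loadPrefsSafe(store) {
  let parsed;
  try {
    parsed = JSON.parse(store.getItem('prefs') || '{}');
  } catch (e) {
    return { ...DEFAULT_PREFS }; // corrupt or tampered entry: fall back to defaults
  }
  if (typeof parsed !== 'object' || parsed === null) parsed = {};
  const theme = ALLOWED_THEMES.has(parsed.theme) ? parsed.theme : DEFAULT_PREFS.theme;
  const sizeOk = Number.isInteger(parsed.fontSize) && parsed.fontSize >= 10 && parsed.fontSize <= 32;
  const fontSize = sizeOk ? parsed.fontSize : DEFAULT_PREFS.fontSize;
  return { theme, fontSize };
}

// Rendering: write stored values with textContent, never innerHTML, so a
// string an attacker controls is shown as text rather than parsed as markup.
function renderPrefs(el, prefs) {
  el.textContent = `theme=${prefs.theme} size=${prefs.fontSize}`;
  return el.textContent;
}

// Constructed stand-in for localStorage (string-keyed, string-valued).
function makeStore(entries) {
  const m = new Map(Object.entries(entries));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
  };
}
```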

4.2.11.2. Service Worker

A Service Worker can intercept HTTP requests and act like a local proxy, so an attacker who can register one can hook selected requests and return attack code in their responses, achieving a persistent attack.

In Chrome, chrome://inspect/#service-workers can be used to view the status of registered Service Workers and stop them.

4.2.11.3. AppCache

In a controllable network environment (for example public Wi-Fi), the AppCache mechanism can be used to force some payloads to be cached. If they are not cleared, the corresponding payloads will be served every time the user visits the site.