pentest-client-advanced
Installation
SKILL.md
Pentest Client Advanced
Purpose
Test advanced client-side attack surfaces beyond XSS. Six WSTG-CLNT items remain unchecked in Shannon's pipeline — these are distinct attack classes requiring different methodology than taint analysis.
Prerequisites
Authorization Requirements
- Written authorization with client-side testing scope
- Test domains for hosting PoC HTML pages (attacker-controlled origin)
- Browser testing environment with DevTools access
- Target user simulation — ability to test cross-origin interactions
Environment Setup
- Modern browser with DevTools (Chrome/Firefox)
- Burp Suite for intercepting WebSocket and cross-origin traffic
- Local HTTP server for hosting PoC pages (python -m http.server)
- Playwright for automated browser-based attack verification