How to do it...

We will use Mutillidae II and its HTML5 web storage exercise again for this recipe. Here are the steps:

  1. In the Kali VM, browse to Mutillidae II (http://192.168.56.11/mutillidae) and in the menu, go to HTML5 | HTML 5 Web Storage | HTML 5 Web Storage.
  1. Open Developer Tools and go to the Storage tab. Then, go to Local Storage and select the server address (192.168.56.11):

Here, we can see that there are three values in Local Storage.

  1. Now, change to Session Storage and select the server address:

In the temporary or per-session storage, we see four values, among them one called Secure.AuthenticationToken.

  1. We mentioned before that Local Storage is accessible on a per-domain basis, which means that any application running in the same domain can read and manipulate, for example, the MessageOfTheDay entry we saw in step 2. Let's try to exploit a vulnerability in another application to access this data. In the same browser, open a new tab and go to BodgeIt (http://192.168.56.11/bodgeit).
  1. We know BodgeIt's search is vulnerable to XSS, so enter the following payload in the search box and execute it:
     `<script>alert(window.localStorage.MessageOfTheDay);</script>`
  1. Now, try the same with the Session Storage:
     `<script>alert(window.sessionStorage.getItem("Secure.AuthenticationToken"));</script>`
  1. As we cannot access the Session Storage from a different window or tab, go back to the Mutillidae II tab and go to Owasp 2013 | XSS | Reflected First Order | DNS lookup.
  1. In the Hostname/IP field, enter the preceding payload and click on Lookup DNS:
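The behaviour behind steps 5 to 7 can be reproduced outside the browser with a small model of how Web Storage is scoped. This is an added illustration, not code from the book, Mutillidae II or BodgeIt; the storage values, tab numbers and the credential-name heuristic are constructed for the example.

```javascript
// Added illustration, not code from the book or from Mutillidae II/BodgeIt.
// Web Storage is partitioned by origin (scheme + host + port), never by path;
// sessionStorage is additionally partitioned per browsing context (tab).

// The origin a browser uses to key storage; Node's URL gives the same string.
function originOf(url) {
  return new URL(url).origin; // e.g. "http://192.168.56.11" (default port elided)
}

// Stand-in for the browser's storage areas. perTab=true models sessionStorage.
class StorageModel {
  constructor(perTab) { this.perTab = perTab; this.areas = new Map(); }
  area(url, tab) {
    const scope = originOf(url) + (this.perTab ? `#tab:${tab}` : "");
    if (!this.areas.has(scope)) this.areas.set(scope, new Map());
    return this.areas.get(scope);
  }
  setItem(url, tab, key, value) { this.area(url, tab).set(key, String(value)); }
  getItem(url, tab, key) { return this.area(url, tab).get(key) ?? null; }
}

// Review check: flag storage keys whose names suggest credentials (heuristic,
// assumed for this example), the kind of entry that should not live in Web Storage.
function findSensitiveKeys(area) {
  return [...area.keys()].filter((k) => /(token|auth|session|secret|passw)/i.test(k));
}

function demo() {
  const local = new StorageModel(false), session = new StorageModel(true);
  const mutillidae = "http://192.168.56.11/mutillidae/index.php"; // tab 1
  const bodgeit = "http://192.168.56.11/bodgeit/search.jsp";       // tab 2
  // Constructed sample entries mirroring what the recipe shows in steps 2 and 3.
  local.setItem(mutillidae, 1, "MessageOfTheDay", "constructed message");
  session.setItem(mutillidae, 1, "Secure.AuthenticationToken", "constructed-token");
  return {
    // Same scheme, host and port: BodgeIt's tab shares Mutillidae's Local Storage.
    localFromBodgeit: local.getItem(bodgeit, 2, "MessageOfTheDay"),
    // A different port is a different origin, so nothing is shared.
    localFromOtherPort: local.getItem("http://192.168.56.11:8080/x/", 2, "MessageOfTheDay"),
    // Session Storage is per tab: the BodgeIt tab does not see the token ...
    sessionFromOtherTab: session.getItem(bodgeit, 2, "Secure.AuthenticationToken"),
    // ... but any script injected into the Mutillidae tab itself does.
    sessionFromSameTab: session.getItem(mutillidae, 1, "Secure.AuthenticationToken"),
    flagged: findSensitiveKeys(session.area(mutillidae, 1)),
  };
}
```

Run `demo()` to see which reads succeed; the `flagged` list is what a code review would raise, since a token kept in either storage area is readable by any script that runs in that origin.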