Disable XSS Prevention in Windows

There are two ways to disable IE8’s XSS prevention. This is not for the average user; it is only for penetration testers (who use Windows/IE8… oxymoron?)

Group Policy (Better):

  1. Click the Start menu
  2. Select Run
  3. Type: gpedit.msc
  4. Hit enter.
  5. Select User Configuration
  6. Select Administrative Templates
  7. Select Windows Components
  8. Select Internet Explorer
  9. Select Internet Control Panel
  10. Select Security Page
  11. Go through each of the Zones, looking for “Turn on Cross-Site Scripting (XSS) Filter”, and set it to Disabled.

Now repeat this, changing step 5 to: Select Computer Configuration

Reboot and you are done!


Source: http://a4apphack.com/security/disabling-default-xss-filtering-in-ie8-for-security-testers

Internet Options:

  1. Open IE8
  2. Click Tools
  3. Select Internet Options
  4. Select the Security tab
  5. Ensure Internet is selected, and click Custom Level…
  6. About 90% down the list you will find Enable XSS filter
  7. Select Disable
  8. Click OK, then OK again, and restart IE.
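
To confirm which zones actually have the filter turned off after either procedure, and that it is back on once testing is finished, the setting can be read from the registry. This is an added example, not part of the original post; it assumes the filter is stored as URL action 1409 under each zone key (0 = enabled, 3 = disabled) in the policy and per-user locations shown, and it only reads values.

```powershell
# Added example: read-only check of the IE XSS filter per security zone.
# Assumption: the filter is URL action 1409 under each zone key
# (0 = enabled, 3 = disabled); nothing is written to the registry.
$zoneNames = 'My Computer', 'Local intranet', 'Trusted sites', 'Internet', 'Restricted sites'
$zonesKey  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$sources = @(
    @{ Name = 'Computer policy'; Path = "HKLM:\Software\Policies\$zonesKey" },
    @{ Name = 'User policy';     Path = "HKCU:\Software\Policies\$zonesKey" },
    @{ Name = 'User setting';    Path = "HKCU:\Software\$zonesKey" }
)

function Get-XssFilterState {
    foreach ($zone in 0..4) {
        $found = $false
        foreach ($src in $sources) {
            # Each zone is a numbered subkey (0-4) below the Zones key
            $key  = Join-Path $src.Path "$zone"
            $item = Get-ItemProperty -Path $key -Name '1409' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value absent in this location
            $found = $true
            $value = $item.'1409'
            $state = switch ($value) {
                0       { 'Enabled' }
                3       { 'DISABLED' }
                default { "Unrecognised ($value)" }
            }
            New-Object PSObject -Property @{
                Zone = $zoneNames[$zone]; Source = $src.Name; Value = $value; State = $state
            }
        }
        if (-not $found) {
            # No explicit value anywhere: IE falls back to the zone's default
            New-Object PSObject -Property @{
                Zone = $zoneNames[$zone]; Source = '(none)'; Value = $null
                State = 'Not set, zone default applies'
            }
        }
    }
}

Get-XssFilterState | Format-Table Zone, Source, Value, State -AutoSize
```

Any row still marked DISABLED after an engagement means the filter has not been turned back on for that zone.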
