CookieCatcher – Tool to assist in the exploitation of XSS

CookieCatcher is an open source application created to assist in exploiting XSS (Cross-Site Scripting) vulnerabilities in web applications in order to steal user session IDs (session hijacking). Use of this application is purely educational; do not run it against an application without permission from its owner.
For more information on XSS visit the following link: http://ift.tt/MiRF7O
For more information on Session Hijacking visit the following link: http://ift.tt/2vZQemX

Prebuilt payloads to steal cookie data

Just copy and paste a payload into an XSS vulnerability

Will send email notification when new cookies are stolen

Will attempt to refresh stolen sessions every 3 minutes (via the cron job) so they do not hit inactivity timeouts

Provides full HTTP requests to hijack sessions through a proxy (Burp Suite, etc.)

Will attempt to load a preview when viewing the cookie data

PAYLOADS

Basic AJAX Attack

HttpOnly evasion for Apache CVE-2012-0053 (Apache httpd before 2.2.22 echoed the request's Cookie header in its 400 Bad Request page, so injected script could read cookies that document.cookie hides)

More to come

Requirements
CookieCatcher is built for a LAMP stack running the following:

PHP 5.x.x

PHP-cURL

MySQL

Lynx & crontab

Installation

Download the source from GitHub (git clone http://ift.tt/2higKo0) or grab the ZIP file and extract it on your server.

Set up the directory as a virtual host in Apache (I won't go over these details here; you may ask me via email or search the web.)

Create a database for the application and load the SETUP.sql file.

Set up a cron job as shown in the SETUP.cron file.

DEMO
A live demo of the application can be viewed at http://m19.us. A short domain name is recommended, since it cuts down the number of characters the payload needs to fit into the injection point.

Credits
@disk0nn3ct – Author danny.chrastil@gmail.com
Download CookieCatcher

http://ift.tt/2vcoXjl http://ift.tt/2aM8QhC
