For more information on XSS visit the following link: http://ift.tt/MiRF7O
For more information on Session Hijacking visit the following link: http://ift.tt/2vZQemX
Prebuilt payloads to steal cookie data
Just copy and paste the payload into an XSS vulnerability
Will send email notification when new cookies are stolen
Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
Will attempt to load a preview when viewing the cookie data
Basic AJAX Attack
HTTPONLY evasion for Apache CVE-2012-0053
More to come
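A defender-side view of the cookie refresh feature listed above, as an added example that is not part of CookieCatcher: a session ID that appears from a second client polling at a fixed 3-minute interval is a strong hijack signal. The log format, field names and sample lines are constructed for illustration, and the Lynx user agent in the sample is an assumption based on the Lynx and crontab requirement.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not from the page): time, client IP, session id, user agent.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.10 sid=aaa111 "Mozilla/5.0 (Windows NT 10.0)"
2024-05-01T10:00:40 203.0.113.10 sid=aaa111 "Mozilla/5.0 (Windows NT 10.0)"
2024-05-01T10:03:00 198.51.100.7 sid=aaa111 "Lynx/2.8.9rel.1"
2024-05-01T10:06:00 198.51.100.7 sid=aaa111 "Lynx/2.8.9rel.1"
2024-05-01T10:09:01 198.51.100.7 sid=aaa111 "Lynx/2.8.9rel.1"
2024-05-01T10:01:00 192.0.2.55 sid=bbb222 "Mozilla/5.0 (X11; Linux)"
2024-05-01T10:02:13 192.0.2.55 sid=bbb222 "Mozilla/5.0 (X11; Linux)"
"""

LINE = re.compile(r'^(\S+) (\S+) sid=(\S+) "([^"]*)"$')

def parse(log):
    """Group requests by session id, then by client fingerprint (IP, User-Agent)."""
    sessions = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ts, ip, sid, ua = m.groups()
        sessions[sid][(ip, ua)].append(datetime.fromisoformat(ts))
    return sessions

def is_periodic(times, period=180, tolerance=5, min_hits=3):
    """True when successive requests are spaced about `period` seconds apart."""
    if len(times) < min_hits:
        return False
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return all(abs(g - period) <= tolerance for g in gaps)

def find_suspect_sessions(log, period=180):
    """Report sessions used by more than one client where one client polls on a timer."""
    alerts = []
    for sid, clients in parse(log).items():
        if len(clients) < 2:
            continue  # a single fingerprint is the normal case
        for (ip, ua), times in clients.items():
            if is_periodic(times, period):
                alerts.append({"session": sid, "client_ip": ip, "user_agent": ua, "hits": len(times)})
    return alerts

if __name__ == "__main__":
    print(find_suspect_sessions(SAMPLE_LOG))
```

An absolute session lifetime enforced on the server also blunts the refresh, since an inactivity timeout alone never fires while the cookie keeps being used.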
CookieCatcher is built for a LAMP stack running the following:
Lynx & crontab
Download the source from GitHub (git clone http://ift.tt/2higKo0) or use the ZIP file and extract it on your server.
Set up the directory as a virtual host in Apache (I won’t go over these details; however, you may ask me via email or you can use Google).
Create a database for the application and load the SETUP.sql file.
Set up a cron job as shown in the SETUP.cron file.
A live demo of the application can be viewed at http://m19.us. Short domain names are recommended to cut down on the number of characters the payloads need.
@disk0nn3ct – Author firstname.lastname@example.org