websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

CookieCatcher: Session Hijacking Tool, Beta released

DC
Danny Chrastil
Sat, Aug 24, 2013 1:08 AM

Hey guys,

I just released an open source web application, "CookieCatcher" on GitHub.
It's the very first release, so any feedback is appreciated :)

CookieCatcher is an open source application which was created to assist in
Session Hijacking through the exploitation of XSS (Cross Site Scripting)
vulnerabilities in web applications. The use of this application is purely
educational and should not be used without proper permission from the
target application.

Features:

  • Prebuilt payloads to steal cookie data
  • Just copy and paste payload into an XSS vulnerability
  • Will send email notification when new cookies are stolen
  • Will attempt to refresh cookies every 3 minutes to avoid inactivity
    timeouts
  • Provides full HTTP requests to hijack sessions through a proxy (Burp, etc)
  • Will attempt to load a preview when viewing the cookie data
  • PAYLOADS
    • Basic AJAX Attack
    • HTTPONLY evasion for Apache CVE-2012-0053
    • More to come

Requirements:

CookieCatcher is built for a LAMP stack running the following:

  • PHP 5.x.x
  • PHP-cURL
  • MySQL
  • Lynx & crontab

I've created a video demo on youtube to show the basic functionality:
http://www.youtube.com/watch?v=2GH6RRozOp

And here is the link to the GitHub repo:
https://github.com/DisK0nn3cT/CookieCatcher

Please ping me with any questions or errors you have along the way. Again,
I appreciate any feedback/ideas that you may have.

Happy Hacking,

disk0nn3ct
