Hey guys,
I just released an open source web application, "CookieCatcher" on GitHub.
Its the very first release, so any feedback is appreciated :)
CookieCatcher is an open source application which was created to assist in
Session Hijacking through the exploitation of XSS (Cross Site Scripting)
vulnerabilities in web applications. The use of this application is purely
educational and should not be used without proper permission from the
target application.
Features:
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into a XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity
timeouts
- Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
- Will attempt to load a preview when viewing the cookie data
- PAYLOADS
-
-
- HTTPONLY evasion for Apache CVE-20120053
-
Requirements:
CookieCatcher is built for a LAMP stack running the following:
- PHP 5.x.x
- PHP-cURL
- MySQL
- Lynx & crontab
I've created a video demo on youtube to show the basic functionality:
http://www.youtube.com/watch?v=2GH6RRozOp
And here is the link to the GitHub repo:
https://github.com/DisK0nn3cT/CookieCatcher
Please ping me with any questions or errors you have along the way. Again,
I appreciate any feedback/ideas that you may have.
Happy Hacking,
disk0nn3ct
Hey guys,
I just released an open source web application, "CookieCatcher" on GitHub.
Its the very first release, so any feedback is appreciated :)
CookieCatcher is an open source application which was created to assist in
Session Hijacking through the exploitation of XSS (Cross Site Scripting)
vulnerabilities in web applications. The use of this application is purely
educational and should not be used without proper permission from the
target application.
Features:
* Prebuilt payloads to steal cookie data
* Just copy and paste payload into a XSS vulnerability
* Will send email notification when new cookies are stolen
* Will attempt to refresh cookies every 3 minutes to avoid inactivity
timeouts
* Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
* Will attempt to load a preview when viewing the cookie data
* PAYLOADS
* * Basic AJAX Attack
* * HTTPONLY evasion for Apache CVE-20120053
* * More to come
Requirements:
CookieCatcher is built for a LAMP stack running the following:
* PHP 5.x.x
* PHP-cURL
* MySQL
* Lynx & crontab
I've created a video demo on youtube to show the basic functionality:
http://www.youtube.com/watch?v=2GH6RRozOp
And here is the link to the GitHub repo:
https://github.com/DisK0nn3cT/CookieCatcher
Please ping me with any questions or errors you have along the way. Again,
I appreciate any feedback/ideas that you may have.
Happy Hacking,
disk0nn3ct