Skip to content

s0lst1c3/allthecookies

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

cookie_stealers

cookie_stealers

 
 

injectable_scripts

injectable_scripts

 
 

README.md

README.md

 
 

pip.req

pip.req

 
 

run.sh

run.sh

 
 

Repository files navigation

ALLTHECOOKIES

Assorted cookie stealers for performing session hijacking attacks against websites vulnerable to xss.

Features

Written by s0lst1c3 for XSS-SESSION-HIJACKING blogpost at solstice.me

Assorted cookie stealers for performing session hijacking attacks against websites vulnerable to xss. Shoutout to Hom1n1s for coming up with the name.

ALLTHECOOKIES has four modes

  • no redirect - redirects users to delightfully loud landing page and steals their cookies
  • simple redirect - not for practical application... redirect loop for blog post
  • guarded redirect - redirects users to cookie stealer, then quickly redirects them back to target
  • ajax - silently steals cookies in the background using AJAX

Usage

To use ALLTHECOOKIES, just execute run.sh:

./run.sh

Installation

To install ALLTHECOOKIES using git, first clone the git repo as follows:

git clone https://github.com/s0lst1c3/sentrygun.git

Then install dependencies using pip:

pip install -r pip.req

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

5 stars

Watchers

3 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages