No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cookie_stealers
injectable_scripts
README.md
pip.req
run.sh

README.md

ALLTHECOOKIES

Assorted cookie stealers for performing session hijacking attacks against websites vulnerable to xss.

Features

Written by s0lst1c3 for XSS-SESSION-HIJACKING blogpost at solstice.me

Assorted cookie stealers for performing session hijacking attacks against websites vulnerable to xss. Shoutout to Hom1n1s for coming up with the name.

ALLTHECOOKIES has four modes

  • no redirect - redirects users to delightfully loud landing page and steals their cookies
  • simple redirect - not for practical application... redirect loop for blog post
  • guarded redirect - redirects users to cookie stealer, then quickly redirects them back to target
  • ajax - silently steals cookies in the background using AJAX

Usage

To use ALLTHECOOKIES, just execute run.sh:

./run.sh

Installation

To install ALLTHECOOKIES using git, first clone the git repo as follows:

git clone https://github.com/s0lst1c3/sentrygun.git

Then install dependencies using pip:

pip install -r pip.req