CookieCatcher – Tool For Hijacking Sessions Using XSS

CookieCatcher is an open source application that allows you to perform session hijacking (cookie stealing) through XSS (cross-site scripting).


  • Prebuilt payloads to steal cookie data
  • Just copy and paste payload into an XSS vulnerability
  • Will send email notification when new cookies are stolen
  • Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
  • Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
  • Will attempt to load a preview when viewing the cookie data
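
From the defender's side, the 3-minute refresh in the feature list leaves a recognizable trace in web access logs: one session identifier used from a second client address at a steady interval of about 180 seconds. The Python sketch below is an added example, not part of CookieCatcher or the original post; the log format, function names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (assumed format): ISO timestamp, client IP, session id, path.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 sess-a /login
2024-01-01T10:00:40 198.51.100.7 sess-a /inbox
2024-01-01T10:02:00 203.0.113.9 sess-a /inbox
2024-01-01T10:05:00 203.0.113.9 sess-a /inbox
2024-01-01T10:05:30 198.51.100.7 sess-a /compose
2024-01-01T10:08:00 203.0.113.9 sess-a /inbox
2024-01-01T10:11:00 203.0.113.9 sess-a /inbox
2024-01-01T10:01:00 192.0.2.44 sess-b /login
2024-01-01T10:03:10 192.0.2.44 sess-b /inbox
2024-01-01T10:09:45 192.0.2.44 sess-b /settings
"""

def parse(log_text):
    """Yield (timestamp, ip, session_id) from the assumed log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp

def find_shared_sessions(log_text, period=180, tolerance=15, min_hits=3):
    """Return {session_id: [ips]} for sessions seen from more than one IP
    where an IP requests at a steady interval near `period` seconds."""
    hits = defaultdict(lambda: defaultdict(list))
    for ts, ip, sid in parse(log_text):
        hits[sid][ip].append(ts)
    findings = {}
    for sid, by_ip in hits.items():
        if len(by_ip) < 2:
            continue  # a single client address: nothing to correlate
        periodic = []
        for ip, stamps in by_ip.items():
            stamps.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            if len(stamps) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
                periodic.append(ip)
        if periodic:
            findings[sid] = sorted(periodic)
    return findings
```

A steady interval alone can be a legitimate polling client; the signal here is that interval combined with a second address on the same session.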


  • Basic AJAX Attack
  • HttpOnly evasion for Apache CVE-2012-0053


CookieCatcher is built for a LAMP stack running the following:
  • PHP 5.x.x
  • PHP-cURL
  • MySQL
  • Lynx & crontab

How To Use CookieCatcher

Here is a video on how to use CookieCatcher to steal cookies:

