CookieCatcher – Tool For Hijacking Sessions Using XSS

CookieCatcher is an open source application that allows you to perform session hijacking (cookie stealing) through XSS (cross-site scripting).

Features

  • Prebuilt payloads to steal cookie data
  • Just copy and paste payload into an XSS vulnerability
  • Will send email notification when new cookies are stolen
  • Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
  • Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
  • Will attempt to load a preview when viewing the cookie data
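
A detection sketch for the refresh behaviour listed above, added here as an example and not part of CookieCatcher or the original post: it flags a session ID that is kept alive from a second client address at a steady interval of about 3 minutes. The log format, session IDs, addresses and thresholds are constructed, and it assumes the replayed requests arrive from a different address than the one that first used the session.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: "ISO-time client-ip session-id path" (assumed format).
SAMPLE_LOG = """\
2024-05-01T10:00:05 198.51.100.7 sess-a1 /login
2024-05-01T10:00:40 198.51.100.7 sess-a1 /account
2024-05-01T10:02:10 203.0.113.50 sess-a1 /account
2024-05-01T10:05:10 203.0.113.50 sess-a1 /account
2024-05-01T10:08:11 203.0.113.50 sess-a1 /account
2024-05-01T10:11:10 203.0.113.50 sess-a1 /account
2024-05-01T10:01:00 192.0.2.10 sess-b2 /login
2024-05-01T10:09:45 192.0.2.10 sess-b2 /checkout
"""

REFRESH_SECONDS = 180   # the 3-minute refresh interval from the feature list
TOLERANCE = 10          # assumed allowance for scheduler jitter, in seconds
MIN_HITS = 3            # assumed minimum replayed requests before alerting


def parse(log_text):
    """Yield (timestamp, ip, session_id); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]


def find_replayed_sessions(log_text):
    """Return {session_id: ip} for sessions kept alive from a second address."""
    hits = defaultdict(lambda: defaultdict(list))  # session -> ip -> times
    first_ip = {}  # assumption: the first address seen is the legitimate user
    for ts, ip, sid in sorted(parse(log_text)):
        first_ip.setdefault(sid, ip)
        hits[sid][ip].append(ts)
    alerts = {}
    for sid, by_ip in hits.items():
        for ip, times in by_ip.items():
            if ip == first_ip[sid] or len(times) < MIN_HITS:
                continue
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if abs(median(gaps) - REFRESH_SECONDS) <= TOLERANCE:
                alerts[sid] = ip
    return alerts


if __name__ == "__main__":
    print(find_replayed_sessions(SAMPLE_LOG))
```

Binding sessions to client attributes and enforcing an absolute session lifetime, not only an inactivity timeout, limits how long a periodically refreshed stolen cookie stays usable.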

Payloads

  • Basic AJAX Attack
  • HttpOnly evasion for Apache CVE-2012-0053

Requirements

CookieCatcher is built for a LAMP stack running the following:
  • PHP 5.x.x
  • PHP-cURL
  • MySQL
  • Lynx & crontab

How To Use CookieCatcher

Here is a video on how to use CookieCatcher to steal cookies:
