CookieCatcher - Tool For Hijacking Sessions Using XSS

CookieCatcher  Session Hijacking Tool

CookieCatcher is an open source application that allows you perform session hijacking (cookie stealing) through XSS (cross site scripting).

Features

  • Prebuilt payloads to steal cookie data
  • Just copy and paste payload into an XSS vulnerability
  • Will send email notification when new cookies are stolen
  • Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
  • Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
  • Will attempt to load a preview when viewing the cookie data

Payloads

  • Basic AJAX Attack
  • HTTPONLY evasion for Apache CVE-20120053

Requirements

CookieCatcher is built for a LAMP stack running the following:
  • PHP 5.x.x
  • PHP-cURL
  • MySQL
  • Lynx & crontab

How To Use CookieCatcher

Here is a video on how to use CookieCatcher to steal cookies:







Source: www.effecthacking.com
CookieCatcher - Tool For Hijacking Sessions Using XSS CookieCatcher - Tool For Hijacking Sessions Using XSS Reviewed by Anonymous on 11:06 PM Rating: 5