sQuo Posted September 9, 2013 Share Posted September 9, 2013 This is the hidden content, please Sign In or Sign Up CookieCatcher is an open source application which was created to assist in the exploitation of XSS (Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper permission from the target application. Features: - Prebuilt payloads to steal cookie data - Just copy and paste payload into a XSS vulnerability - Will send email notification when new cookies are stolen - Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts - Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc) - Will attempt to load a preview when viewing the cookie data - PAYLOADS - Basic AJAX Attack - HTTPONLY evasion for Apache CVE-20120053 - More to come Video Demo: Download: This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts