CookieCatcher - Tool For Hijacking Sessions Using XSS

CookieCatcher Session Hijacking Tool

CookieCatcher is an open source application that allows you to perform session hijacking (cookie stealing) through XSS (cross-site scripting).


  • Prebuilt payloads to steal cookie data
  • Just copy and paste payload into an XSS vulnerability
  • Will send email notification when new cookies are stolen
  • Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
  • Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
  • Will attempt to load a preview when viewing the cookie data


  • Basic AJAX Attack
  • HTTPONLY evasion for Apache CVE-2012-0053
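
From the defender's side, the three-minute cookie refresh in the feature list leaves a recognizable pattern in server logs: one session ID used from more than one address, with one of those addresses requesting at a steady 180-second interval. The following Python detection is an added example, not part of CookieCatcher or the original post; the log format, the tolerance and minimum-hit thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <session id> <client IP>" (not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:00 sessA 198.51.100.7
2024-05-01T10:00:00 sessB 192.0.2.10
2024-05-01T10:00:40 sessA 198.51.100.7
2024-05-01T10:03:00 sessB 192.0.2.10
2024-05-01T10:05:00 sessA 203.0.113.50
2024-05-01T10:06:00 sessB 192.0.2.10
2024-05-01T10:06:15 sessA 198.51.100.7
2024-05-01T10:07:02 sessA 198.51.100.7
2024-05-01T10:08:01 sessA 203.0.113.50
2024-05-01T10:09:00 sessB 192.0.2.10
2024-05-01T10:11:00 sessA 203.0.113.50
2024-05-01T10:14:02 sessA 203.0.113.50
2024-05-01T11:00:00 sessC 192.0.2.20
2024-05-01T11:02:10 sessC 192.0.2.20
2024-05-01T11:30:00 sessC 192.0.2.21
"""

REFRESH_SECONDS = 180  # refresh interval stated in the feature list (3 minutes)
TOLERANCE = 10         # assumed jitter allowed around that interval, in seconds
MIN_HITS = 4           # assumed minimum requests before calling a rhythm periodic

def parse(log):
    """Group request timestamps as session id -> client IP -> [datetime, ...]."""
    by_session = defaultdict(lambda: defaultdict(list))
    for line in log.strip().splitlines():
        ts, sid, ip = line.split()
        by_session[sid][ip].append(datetime.fromisoformat(ts))
    return by_session

def suspicious_sessions(log):
    """Return (session id, IP) pairs where a shared session has a ~180 s poller."""
    findings = []
    for sid, clients in parse(log).items():
        if len(clients) < 2:  # session seen from one address only: not shared
            continue
        for ip, times in clients.items():
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            periodic = all(abs(g - REFRESH_SECONDS) <= TOLERANCE for g in gaps)
            if len(times) >= MIN_HITS and periodic:
                findings.append((sid, ip))
    return sorted(findings)
```

On the sample, only `sessA` from `203.0.113.50` is reported: `sessB` polls every 180 seconds but from a single address, and `sessC` changes address without a fixed rhythm.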
