CookieCatcher - Tool For Hijacking Sessions Using XSS
CookieCatcher is an open source application that allows you to perform session hijacking (cookie stealing) through XSS (cross-site scripting).
Features
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into an XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
- Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
- Will attempt to load a preview when viewing the cookie data
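A defender-side check for the 3-minute cookie refresh listed above, as an added example that is not part of CookieCatcher: it flags session IDs used by more than one client where a later client requests at a steady interval of about 180 seconds. The record layout, the function name and the tolerance are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records: (epoch seconds, client IP, session ID).
# The field layout is an assumption; adapt the parsing to your own access logs.
SAMPLE_LOG = [
    (1000, "198.51.100.7", "sess-A"),   # original user
    (1040, "198.51.100.7", "sess-A"),
    (1100, "203.0.113.9", "sess-A"),    # second client, same session
    (1280, "203.0.113.9", "sess-A"),
    (1460, "203.0.113.9", "sess-A"),
    (1641, "203.0.113.9", "sess-A"),
    (1000, "198.51.100.8", "sess-B"),   # single client, irregular timing
    (1500, "198.51.100.8", "sess-B"),
    (1530, "198.51.100.8", "sess-B"),
]

def find_keepalive_hijacks(records, interval=180, tolerance=10, min_gaps=3):
    """Return {session_id: [ip, ...]} for sessions shared by several clients
    where a non-original client polls at a steady ~interval-second cadence."""
    by_session = defaultdict(lambda: defaultdict(list))
    first_seen = {}
    for ts, ip, sid in sorted(records):
        by_session[sid][ip].append(ts)
        first_seen.setdefault(sid, ip)   # first client to use the session

    findings = {}
    for sid, clients in by_session.items():
        if len(clients) < 2:
            continue                     # session never left its original client
        for ip, stamps in clients.items():
            if ip == first_seen[sid]:
                continue
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            if len(gaps) < min_gaps:
                continue                 # too few requests to call it periodic
            if all(abs(g - interval) <= tolerance for g in gaps):
                findings.setdefault(sid, []).append(ip)
    return findings

if __name__ == "__main__":
    for sid, ips in find_keepalive_hijacks(SAMPLE_LOG).items():
        print(f"session {sid}: periodic reuse from {ips}")
```

Binding sessions to client attributes and enforcing an absolute session lifetime, not only an inactivity timeout, limits what a periodic refresh can keep alive.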
Payloads
- Basic AJAX Attack
- HttpOnly evasion for Apache CVE-2012-0053
Requirements
CookieCatcher is built for a LAMP stack running the following:
- PHP 5.x.x
- PHP-cURL
- MySQL
- Lynx & crontab
How To Use CookieCatcher
Here is a video on how to use CookieCatcher to steal cookies:
