Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Jul 2011
    Posts
    17
    Thanks
    2
    Thanked 0 Times in 0 Posts

    How can I steal HttpOnly cookies, using XSS?

    Hello,

    I would like to start off by saying I'm a developer and security manager for a website. I'm trying to make a proof of concept for sophisticated cookie stealing for my security blog. I need to know how to steal the HttpOnly cookies using a non-persistent XSS vulnerability.

    To steal HttpOnly cookies; however, requires a more sophisticated form of XSS attack. Involving XST Cross site tracing, using the HTTP Trace function.

    I'm looking for PHP code that can utilize cross site tracing to successfully grab all the cookies on the vulnerable website and log them to a .txt file on the site hosting the logger.

    Thanks for any help you can provide me.

  • #2
    Senior Coder DanInMa's Avatar
    Join Date
    Nov 2010
    Location
    Salem,Ma
    Posts
    1,577
    Thanks
    13
    Thanked 248 Times in 248 Posts
    1. we don't really help with hacks here, regardless of who you say you are, nothing personal.

    2. why in the world would anyone write an original full proof of concept hack , for free, just so you can post it on your own blog and pass it off as your idea?

    sorry if this sounds harsh, but you should read your request and look at ti from our point of view.

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Yep, I'll put this to be in violation of rule §1.4.
    Thread closed.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •