[CookieCatcher] Session Hijacking Tool

CookieCatcher is an open source application which was created to assist in the exploitation of XSS (Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper permission from the target application.

– Prebuilt payloads to steal cookie data
– Just copy and paste payload into a XSS vulnerability
– Will send email notification when new cookies are stolen
– Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
– Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
– Will attempt to load a preview when viewing the cookie data
– Basic AJAX Attack
– HTTPONLY evasion for Apache CVE-20120053
– More to come

Video Demo: http://www.youtube.com/watch?v=2GH6RRozOpY

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s