Tweet
Hello,
I would like to start off by saying I'm a developer and security manager for a website. I'm trying to make a proof of concept for sophisticated cookie stealing for my security blog. I need to know how to steal the HttpOnly cookies using a non-persistent XSS vulnerability.
To steal HttpOnly cookies; however, requires a more sophisticated form of XSS attack. Involving XST Cross site tracing, using the HTTP Trace function.
I'm looking for PHP code that can utilize cross site tracing to successfully grab all the cookies on the vulnerable website and log them to a .txt file on the site hosting the logger.
Thanks for any help you can provide me.
I would like to start off by saying I'm a developer and security manager for a website. I'm trying to make a proof of concept for sophisticated cookie stealing for my security blog. I need to know how to steal the HttpOnly cookies using a non-persistent XSS vulnerability.
To steal HttpOnly cookies; however, requires a more sophisticated form of XSS attack. Involving XST Cross site tracing, using the HTTP Trace function.
I'm looking for PHP code that can utilize cross site tracing to successfully grab all the cookies on the vulnerable website and log them to a .txt file on the site hosting the logger.
Thanks for any help you can provide me.
Comment