Web Analytics Made Easy -
StatCounter How can I steal HttpOnly cookies, using XSS? - CodingForum


No announcement yet.

How can I steal HttpOnly cookies, using XSS?

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • How can I steal HttpOnly cookies, using XSS?


    I would like to start off by saying I'm a developer and security manager for a website. I'm trying to make a proof of concept for sophisticated cookie stealing for my security blog. I need to know how to steal the HttpOnly cookies using a non-persistent XSS vulnerability.

    To steal HttpOnly cookies; however, requires a more sophisticated form of XSS attack. Involving XST Cross site tracing, using the HTTP Trace function.

    I'm looking for PHP code that can utilize cross site tracing to successfully grab all the cookies on the vulnerable website and log them to a .txt file on the site hosting the logger.

    Thanks for any help you can provide me.

  • #2
    1. we don't really help with hacks here, regardless of who you say you are, nothing personal.

    2. why in the world would anyone write an original full proof of concept hack , for free, just so you can post it on your own blog and pass it off as your idea?

    sorry if this sounds harsh, but you should read your request and look at ti from our point of view.
    - Firebug is a web developers best friend! - Learn it, Love it, use it!
    - Validate your code! - JQ/JS troubleshooting
    - Using jQuery with Other Libraries - Jslint for Jquery/other JS library users


    • #3
      Yep, I'll put this to be in violation of rule §1.4.
      Thread closed.
      PHP Code:
      header('HTTP/1.1 420 Enhance Your Calm'); 
      Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)