CookieCatcher - A Session Hijacking Tool Using XSS
CookieCatcher is an open-source application that lets you perform session hijacking (cookie theft) through XSS (cross-site scripting).
- Prebuilt payloads to steal cookie data
- Just copy and paste the payloads into an XSS vulnerability
- Sends an email notification when new cookies are stolen
- Attempts to refresh cookies every 3 minutes
- Provides full HTTP requests for hijacking sessions through a proxy (Burp, etc.)
- Attempts to load a preview when viewing the cookie data
Payloads
- Basic AJAX attack
- HTTPOnly evasion for Apache CVE-2012-0053
Requirements
CookieCatcher was built for a LAMP stack running the following:
- PHP 5.xx
- PHP-cURL
- MySQL
- Lynx & crontab
How to use CookieCatcher
Below is a video on how to use CookieCatcher to steal cookies: