CookieCatcher is an open-source application created to assist in the exploitation of XSS (Cross-Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). This application is intended purely for educational use and should not be used without proper permission from the target application.
For more information on XSS visit the following link: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
For more information on Session Hijacking visit the following link: https://www.owasp.org/index.php/Session_hijacking_attack
CookieCatcher is built for a LAMP stack running the following:
git clone https://github.com/DisK0nn3cT/CookieCatcher.git
Or use the ZIP file and extract it on your server.
A live demo of the application can be viewed at http://m19.us. Short domain names are recommended to cut down on the character space needed for the payloads.
If you have ideas or suggestions on how to improve upon the existing application and would like to offer your time, please contact me via email.
@disk0nn3ct - Author [email protected]