CookieCatcher is an open source application which was created to assist in the exploitation of XSS (Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper permission from the target application.
Features:
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into a XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
- Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
- Will attempt to load a preview when viewing the cookie data
- PAYLOADS
- Basic AJAX Attack
- HTTPONLY evasion for Apache CVE-20120053
- More to come
Video Demo: http://www.youtube.com/watch?v=2GH6RRozOpY