How can I steal HttpOnly cookies, using XSS?

08-31-2011, 08:11 PM

I would like to start off by saying I'm a developer and security manager for a website. I'm trying to make a proof of concept for sophisticated cookie stealing for my security blog. I need to know how to steal the HttpOnly cookies using a non-persistent XSS vulnerability.

Stealing HttpOnly cookies, however, requires a more sophisticated form of XSS attack, involving XST (cross-site tracing), using the HTTP TRACE function.

I'm looking for PHP code that can utilize cross site tracing to successfully grab all the cookies on the vulnerable website and log them to a .txt file on the site hosting the logger.

Thanks for any help you can provide me.

08-31-2011, 09:35 PM
1. We don't really help with hacks here, regardless of who you say you are, nothing personal.

2. Why in the world would anyone write an original full proof of concept hack, for free, just so you can post it on your own blog and pass it off as your idea?

Sorry if this sounds harsh, but you should read your request and look at it from our point of view.

08-31-2011, 10:08 PM
Yep, I'll put this to be in violation of rule 1.4.
Thread closed.