Cybrary Pro Day is here!
Ready to Start Your Career?

XSS Cookie Theft Is Not Working

Author's profile image

January 1, 2016

I tried test the XSS cookie theft but not working for me! My IP is 192.168.56.101 and xss\_and\_mysql vm is 192.168.56.104 I have the listener running (netcat -lvp 80) here is my script: anything wrong! It seems to be case sensitive - try again with `````` (and yeah, its because the font he uses sucks) same problem as @haleid at first, so i followed the link and it worked but port 80 is not listening. Is something wrong!! See the following: https://www.popped.io/2014/02/hijacking-sessions-using-socat.html Using socat instead of Netcat has the advantage that socat does not stop after the first connection attempt like Netcat does. The function document.write is used in this example Please test both, socat and netcat. Please post if it works! or just use almost any webserver (apache, or lighttpd) and tail -f the access log :D The code above didn't work for me either. I googled around and found this: http://www.danscourses.com/Network-Penetration-Testing/xss-with-a-vulnerable-webapp.html
Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry