11-23-2012, 08:14 PM
Heres my understanding of the XSS Cookie Stealing.
You find an XSS Valn within that site.
You then Send them the XSS Valn With a cookie Stealing Script (Of course you need to create a site with the cookie stealing script, log, and script that gives the cookie to the cookie stealer.)
What I do not under stand is how you view the cookies after u get them, or Say if a user wasnt logged in does it send them to a login page which they then log in and then u get their login cookie?
And do you need to create a real web page for these scripts?
These are what I need to Clarify.
And then hopefully i can create these with out any kind of help.
Sorry for the Newbie Questions, I'm more of a visual learner, and then I keep doing it until I understand the complete process to where i understand every detail.
You find an XSS Valn within that site.
You then Send them the XSS Valn With a cookie Stealing Script (Of course you need to create a site with the cookie stealing script, log, and script that gives the cookie to the cookie stealer.)
What I do not under stand is how you view the cookies after u get them, or Say if a user wasnt logged in does it send them to a login page which they then log in and then u get their login cookie?
And do you need to create a real web page for these scripts?
These are what I need to Clarify.
And then hopefully i can create these with out any kind of help.
Sorry for the Newbie Questions, I'm more of a visual learner, and then I keep doing it until I understand the complete process to where i understand every detail.