Cookie Stealing Upgrade - Ajax Style
1879 views 
For those of you that have been living under a good and solid rock lately, AJAX is revolutionizing the way the web works in the fact that it brings desktop-like functionality straight to the web in the form of Javascript and XML (For this tutorial, a working knowledge of XML is not needed.) In other words, AJAX (Asynchronous Javascript and XML) gets rid of pesky page refreshes and coupled with DHTML effects, can lead to quite interesting desktop-like web apps.
AJAX is not 1 technology, but rather it's a collection of technologies that when used together provide a powerful framework. This Article/Tutorial will attempt to teach you how to harness this power to develop a very powerful cookie stealer. It's a great introduction to AJAX as well since it uses it in a unique and fun way.
Before you use this tutorial, you must realize that AJAX is only useful specifically as a cookie stealer if it bypasses Cross-Domain policies. In order for this to work, the target site must have some sort of private messaging system in place to receive the cookies themselves. This will effectively bypass all verification that the browser needs in order to send the request.
Cross-site XHR ?
AFAIK it's not gonna work because of same origin policy.
Before you use this
"Before you use this tutorial, you must realize that AJAX is only useful specifically as a cookie stealer if it bypasses Cross-Domain policies. In order for this to work, the target site must have some sort of private messaging system in place to receive the cookies themselves. This will effectively bypass all verification that the browser needs in order to send the request."
Read more carefully...
Post new comment