-
Notifications
You must be signed in to change notification settings - Fork 63
Web Siphoning Cookie
7h30th3r0n3 edited this page Jan 20, 2025
·
2 revisions
Inspired by the great work of Samy Karmar's : https://github.com/samyk/poisontap
Web Siphoning Cookie:
- Provide a Web page that charge multiple hidden iframes with different domain.
- When the iframes is loaded, the domain is spoofed and answer a javascript that grab the cookie for this domain.
- The cookies is send to the webserver that save it on the sdcard.
Limitations:
- Modern browser have limitations against this attack, Firefox use
network.cookie.cookieBehaviorin about:config to protect cookies if you put the value to 4, the attack is effective. - Javascript may not be executed on all smartphone.
Workflow:
- Start portal.
- Choose XX-WebSiphonCookie.html.
- When page is loaded the script execute the attack and cookie are logged on SDcard.
- Scan WiFi
- Select WiFi
- Clone & Details
- Captive Portal Management
- Check Credential
- Probes Attack
- Sniffing Probes
- Karma Attack
- Automated Karma Attack
- Karma Spear
- Bluetooth Serial Control
- Wardriving
- Wardriving Master
- Beacon Spam
- Deauther
- Handshake Master
- WiFi Raw Sniffing
- Sniff Raw Client
- WiFi Channel Visualizer
- Client Sniff And Deauth
- EAPOL/Deauth Detection
- Wall Of Flipper
- Send Tesla Code with RFunit
- SSH Shell
- Scan Network and Port
- Full Network Scan
- Web Crawler
- PwnGridSpam
- Skimmer Detector
- BadUSB
- Bluetooth Keyboard
- Reverse TCP Tunnel
- DHCP Starvation Attack
- Rogue DHCP Server
- Switch DNS
- Network Hijacking
- Printer Attack
- Web Siphoning Cookie
- Custom Theming