Saturday, September 6, 2014

Web Server Cookie Disclosure Vulnerability Scanner

Hello Guys,
           I have written a Python script for checking a web application vulnerability.

An HttpOnly cookie can only be read on the server side; no client-side script can access it. When a web server receives a very large cookie (for example 10000 characters, every one of them the letter A), it cannot process the request and answers with error 400 (Bad Request). The vulnerability is in that error response: it echoes the Cookie header back, so the cookies are disclosed in the web server's own error page.
Most people do not know how to check for the HttpOnly vulnerability and the web server cookie disclosure vulnerability. Some run tools like Acunetix, Burp Scanner or Netsparker, and most of the time the report says the HttpOnly flag is not set or the cookies are not protected; they just see that and patch it through an .htaccess file or by adding header-setting code to the PHP headers file to protect the web server. But most still do not know how to check it themselves, so I made a script specifically for checking the cookie disclosure vulnerability on a web server.
[+] I have made a Python script for checking HttpOnly and the web server cookie disclosure vulnerability.
[+] Test it manually to check for the HttpOnly vulnerability on web applications; this is a very common vulnerability nowadays.
[+] The impact of this vulnerability is Low to Medium, depending on the attacker :D

Usage:-
[+] Using this Python file on Windows is very simple.
[+] Download Python for Windows from here: https://www.python.org/ftp/python/2.7.8/python-2.7.8.msi
[+] Run the Python file: C:\python27>python.exe <path to the script file>
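As an added example (not the script from the post's GitHub repository, and written for Python 3 rather than the 2.7 the post links to), here is a checker for the two things the post describes: whether a 400 Bad Request page reflects an oversized probe cookie, and whether Set-Cookie headers carry the HttpOnly (and Secure) flags. The two sample responses at the bottom are constructed for this example, not captured from any real host; probe_live() is only needed when you point the check at a live server, and the offline samples exercise the same logic.

```python
"""Cookie disclosure / HttpOnly checker (example code added to this post, not
the author's script). Works on (status, headers, body) triples so the logic
can be exercised offline on constructed responses."""
import urllib.error
import urllib.request

# Probe cookie as the post describes: a long run of one recognisable character.
# Oversized headers make some servers answer 400 Bad Request.
PROBE_NAME = "probe"
PROBE_VALUE = "A" * 10000


def parse_set_cookie(headers):
    """Return [(cookie_name, {"httponly": bool, "secure": bool}), ...] from a
    list of (header, value) pairs. Attribute names are case-insensitive."""
    found = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in hvalue.split(";")]
        cookie_name = parts[0].split("=", 1)[0].strip()
        attrs = {p.lower() for p in parts[1:]}
        found.append((cookie_name, {"httponly": "httponly" in attrs,
                                    "secure": "secure" in attrs}))
    return found


def cookies_missing_httponly(headers):
    """Names of cookies the response sets without the HttpOnly flag."""
    return [name for name, flags in parse_set_cookie(headers) if not flags["httponly"]]


def body_reflects_cookie(body, cookie_value, min_run=64):
    """True if a substantial prefix of the probe value is echoed in the body.
    A prefix is checked rather than the full value because error pages often
    truncate the header they print back."""
    return cookie_value[:min_run] in body


def assess(status, headers, body, sent_cookie_value):
    """Return a list of human-readable findings for one response."""
    findings = []
    if status == 400 and body_reflects_cookie(body, sent_cookie_value):
        findings.append("cookie header echoed in 400 error page")
    for name in cookies_missing_httponly(headers):
        findings.append("cookie %s set without HttpOnly" % name)
    return findings


def probe_live(url, timeout=10):
    """Send the oversized probe cookie to url and return (status, headers, body).
    urllib raises HTTPError for 4xx responses; the error object still carries
    the headers and body, which is exactly what we need to inspect."""
    req = urllib.request.Request(
        url,
        headers={"Cookie": "%s=%s" % (PROBE_NAME, PROBE_VALUE),
                 "User-Agent": "cookie-disclosure-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.getheaders(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, list(err.headers.items()), err.read().decode("utf-8", "replace")


# Constructed sample responses (assumed shapes, not captured from a real host).
VULNERABLE_400 = (
    400,
    [("Content-Type", "text/html"), ("Set-Cookie", "PHPSESSID=abc123; path=/")],
    "<h1>Bad Request</h1><p>Size of a request header field exceeds server limit."
    "<br/>Cookie: probe=" + "A" * 200 + "</p>",
)
SAFE_400 = (
    400,
    [("Content-Type", "text/html"),
     ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly; Secure")],
    "<h1>Bad Request</h1><p>Your browser sent a request that this server could "
    "not understand.</p>",
)

if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE_400), ("safe", SAFE_400)):
        print(label, assess(*sample, sent_cookie_value=PROBE_VALUE))
```

Run as-is, the constructed vulnerable sample reports both findings and the hardened one reports none. On the server side, the fix the post mentions (setting HttpOnly, and Secure, on the cookies) should go together with a custom 400 error document that does not print request headers back, since the HttpOnly flag protects nothing if the error page itself echoes the cookie.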
Here are some screenshots:
[+] If the target is vulnerable
[Screenshot: scanner output for a vulnerable target]
[+] If the target is not vulnerable
[Screenshot: scanner output for a non-vulnerable target]
[+] Proof of exploiting the vulnerability using a browser; needs a cookie manager
[Screenshot: browser with a cookie manager add-on]
Download the Python Code from here:
https://github.com/frank3nstien

Direct Link:
https://github.com/frank3nstien/web_server_cookie_disclouser_script 

10 comments:

  1. Useful for me. Thank you so much!!!
  2. Hello bro, I am from India. Tell me about tools with which I can hack HTTPS/HTTP websites..... I hack lots of Pakistani websites... some websites are secure so I could not get in there.
    Please brother, give me some suggestion.... don't give me the SQL injection one, tell me something that is fun...
    And yes, one more thing: YouTube live channels that are new, which tools are used to hack those....
    Please reply to me soon, I will wait for the answer.
    Thank you ..
    Love from India...
  3. Most modern online applications now require more than 20 separate job responsibilities, and engineers who can navigate these numerous activities throughout the stack are quite useful.
    The Fullstack Training in Pune at Iteducation Centre is an integrated course that will prepare learners for critical software engineering with the finest tutor.
    (https://www.iteducationcentre.com/full-stack-training-institute-in-pune.php)
  4. Most modern online applications now require more than 20 separate job responsibilities, and engineers who can navigate these numerous activities throughout the stack are quite useful.
    The Full stack Course In Pune at Iteducation Centre is an integrated course that will prepare learners for critical software engineering with the finest tutor.
  5. Thanks...!!! Really very informative and useful blog for those who want to learn Python code...
    If you want to learn a front-end development course in Pune, then IT Education can be your best choice.
  6. IT Education Centre offers the most comprehensive Red Hat Linux Training in Pune. You'll get hands-on knowledge of Linux and the Linux operating system when you enroll in our Linux training in Pune. Our Linux classes in Pune are focused on tasks and on the real-world challenges and scenarios that students face in their daily lives. These live Red Hat Linux training courses in Pune follow a predetermined schedule and are led by qualified industry experts.