Hello Guys,
I have written a Python script for checking a web application vulnerability.
An HTTPOnly cookie can only be accessed from the server side; no client-side script can read that cookie. When a web server receives a very large cookie, for example 10000 repetitions of the same character such as A, it cannot process the request and sends back error 400 [Bad Request]. That error response has a vulnerability: it discloses the cookies on the web server.
Most people don't know how to check for the HTTPOnly vulnerability and the web server cookie disclosure vulnerability. Some people run tools like Acunetix, Burp scan or Netsparker, where most of the time you will see that the HTTPOnly flag is not set or that cookies are not protected; they just see the finding and patch it through the .htaccess file or by including scripts in the PHP headers file to protect the web server. But most don't know how to check it, so I made a script specifically for checking the cookie disclosure vulnerability on a web server.
[+] I have made a Python script for checking the HTTPOnly and web server cookie disclosure vulnerability.
[+] Test it manually to check for the HttpOnly vulnerability on web applications; this is a very common vulnerability nowadays.
[+] The impact of this vulnerability is Low as well as Medium depending upon the attacker :D
Usage:
[+] Using this Python file on Windows is very simple.
[+] Download Python for Windows from here: https://www.python.org/ftp/python/2.7.8/python-2.7.8.msi
[+] Run the Python file:
[+] C:\python27>python.exe and file path
Here are some screenshots:
[+] If the target is vulnerable
[+] If the target is not vulnerable
[+] Proof of exploiting the vulnerability using a browser; a cookie manager is needed
Download the Python Code from here:
https://github.com/frank3nstien
Direct Link:
https://github.com/frank3nstien/web_server_cookie_disclouser_script
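The check described in the post, sketched as an added example (it is not the author's script and not taken from the linked repository): it classifies a saved 400 response by whether cookie values are echoed in the error body, and lists cookies set without the HttpOnly flag. It is written for Python 3 and runs offline; the function names and sample responses are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

def build_oversized_cookie(cookies, size=10000, pad="A"):
    """Cookie header value: the given cookies plus `size` padding characters."""
    parts = ["%s=%s" % item for item in cookies.items()]
    parts.append("pad=" + pad * size)
    return "; ".join(parts)

def classify_error_response(status, body, cookies):
    """Return (verdict, names of cookies whose values appear in the error body)."""
    if status != 400:
        # The server did not reject the oversized header, so this check says nothing.
        return ("inconclusive", [])
    text = html.unescape(body)  # an error page may echo the header HTML-escaped
    # Ignore very short values: they match ordinary page text by accident.
    leaked = sorted(n for n, v in cookies.items() if len(v) >= 8 and v in text)
    return ("vulnerable", leaked) if leaked else ("not vulnerable", [])

def cookies_missing_httponly(set_cookie_headers):
    """Names of cookies whose Set-Cookie header lacks the HttpOnly flag."""
    missing = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        missing += [name for name, morsel in jar.items() if not morsel["httponly"]]
    return missing

# Constructed sample data (not captured from a real server).
SENT = {"PHPSESSID": "c0nstructed-s3ssion-id"}
BODY_ECHO = ("<h1>Bad Request</h1><pre>Cookie: PHPSESSID=c0nstructed-s3ssion-id; "
             "pad=AAAAAAAA</pre>")
BODY_CLEAN = "<h1>Bad Request</h1><p>Request header too large.</p>"
SET_COOKIE = ["PHPSESSID=c0nstructed-s3ssion-id; Path=/", "theme=dark; Path=/; HttpOnly"]

if __name__ == "__main__":
    print(len(build_oversized_cookie(SENT)), "characters in the test Cookie header")
    print(classify_error_response(400, BODY_ECHO, SENT))
    print(classify_error_response(400, BODY_CLEAN, SENT))
    print(cookies_missing_httponly(SET_COOKIE))
```
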
Useful for me Thank you so much !!!
Hello bro, I am from India. Tell me about tools with which I can hack https/http websites..... I hack lots of Pakistani websites... some websites are secure so I could not go over there
Please, brother, give me some suggestions.... don't give the SQL injection one, tell me something that will be fun...
And yes, one more thing: the new live channels on YouTube, which tools are used to hack those....
Please reply to me soon, I will wait for the answer
thank you ..
love from India...
domchimp.com/tools/server-security-scanner
nice blog.
Learn Full Stack from Full Stack Training In Pune
Most modern online applications now require more than 20 separate job responsibilities, and engineers who can navigate these numerous activities throughout the stack are quite useful.
The Fullstack Training in Pune at Iteducation Centre is an integrated course that will prepare learners for critical software engineering with the finest tutor.
(https://www.iteducationcentre.com/full-stack-training-institute-in-pune.php)
Most modern online applications now require more than 20 separate job responsibilities, and engineers who can navigate these numerous activities throughout the stack are quite useful.
The Full stack Course In Pune at Iteducation Centre is an integrated course that will prepare learners for critical software engineering with the finest tutor.
Thanks...!!! Really very informative and useful blog for those who wants to learn python code...
If you want to learn Front-end development course in Pune, then IT Education can be your best choice.
IT Education Centre offers the most comprehensive Red Hat Linux Training in Pune. You'll get hands-on knowledge of Linux and the Linux operating system when you enroll in our Linux training in Pune. Our Linux classes in Pune are focused on tasks and focus on the real-world challenges and scenarios that students face within their daily lives. These live Red Hat Linux training courses in Pune follow a predetermined schedule and are led by qualified industry experts.
Thanks for the post.
Also, check Full stack classes in Pune