Cookie Stealer Script [TOP]

Joe Web Challenge — Google CTF 2017 | by Ons A. - codeburst

: It sends the stolen cookies to a remote server controlled by the attacker via an HTTP GET or POST request. Consequences of a Successful Attack cookie stealer script

: Once the victim visits the compromised page or opens the malicious email, the script runs automatically in their browser. Joe Web Challenge — Google CTF 2017 | by Ons A

: Some scripts, like those used by the "Earth Wendigo" group, can append themselves to the victim's email signature to spread to other contacts. Prevention and Mitigation which often contains session identifiers

: The script accesses the document.cookie object, which often contains session identifiers, login keys, and personalization data.

: Once inside, the attacker can exfiltrate emails, personal documents, and financial information.