



10) When the user opens the URL, they are redirected to xyz.com, their cookies are stored in log.txt, and they are then redirected again to the URL which you wrote in step 5.





11) On saving those cookies to your browser, you will get access to that user's account.
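The last two steps depend on two things: a search page that reflects its parameter without encoding it, and a session cookie that page script is allowed to read. The sketch below is an added example, not code from the original post or its repository. It shows the hardened form of such a page. The `/search` handler, the `q` parameter and the cookie name `session` are assumptions.

```python
import html
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def session_cookie(session_id):
    """Build a Set-Cookie value whose session id is out of reach of page script."""
    jar = SimpleCookie()
    jar["session"] = session_id          # cookie name is an assumption
    morsel = jar["session"]
    morsel["httponly"] = True            # hidden from document.cookie
    morsel["secure"] = True              # sent over HTTPS only
    morsel["samesite"] = "Lax"           # withheld from most cross-site requests
    morsel["path"] = "/"
    return morsel.OutputString()


def search_app(environ, start_response):
    """WSGI handler for a hypothetical /search?q=... page."""
    query = parse_qs(environ.get("QUERY_STRING", "")).get("q", [""])[0]
    # Encode <, >, &, " and ' so the reflected term is rendered as text.
    body = "<p>Results for: {}</p>".format(html.escape(query, quote=True))
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        # No 'unsafe-inline': an injected inline script would not execute,
        # and loads from other origins are refused.
        ("Content-Security-Policy", "default-src 'self'"),
        ("Set-Cookie", session_cookie(secrets.token_urlsafe(32))),
    ]
    start_response("200 OK", headers)
    return [body.encode("utf-8")]


def handle(query_string):
    """Call the app once; return (response headers as dict, body text)."""
    seen = {}
    def start_response(status, headers):
        seen["headers"] = dict(headers)
    chunks = search_app({"QUERY_STRING": query_string}, start_response)
    return seen["headers"], b"".join(chunks).decode("utf-8")


if __name__ == "__main__":
    # Constructed input: a search term containing markup.
    headers, body = handle("q=%3Cscript%3Ex%3C%2Fscript%3E")
    print(headers["Set-Cookie"])
    print(body)
```

With `HttpOnly` set, the session id never appears in `document.cookie`, so there is nothing for an injected script to forward even if an encoding gap remains elsewhere on the site.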





Always remember to use Kali for helpful purposes and not use it to cause harm.

Stay Safe.


Session hijacking can be defined as impersonating and sending a request as a user other than yourself. In layman's language, it is similar to plane hijacking, where a terrorist takes control of the plane, except that here the hacker takes control of the session. It can be done in many ways, the most common being stealing the cookies of a user.

1) Find the website which is vulnerable to XSS. Let us assume that a site is vulnerable to XSS.

2) Assume that when a search (which is vulnerable to XSS) is performed on the website, parameters are passed in the url in the format

3) Now we need to save the cookies of the user.

4) Copy the code from my repository at https://github.com/rohankalra97/Session-Hijacking/blob/master/stealer.php and save it as

5) Replace the 5th line with the url which you want the user to be finally redirected to.

6) Create an empty file with name

7) Now push the file at your own server. Let us assume that the server at which you pushed is at xyz.com.

8) Now to steal the cookies, we need to edit the search url and add following script at it

9) Now we need to send the url to the user where the script is added at abc.com