Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Last update: Jan 03, 2023

Overview

[ [

Big-Papa

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

IN ACTION

The Higlighted data is the cookie of ongoing admin session on a router(gateway)

Now we can use something Like Burpsuite to Load the cookies and Hijack the admin session

𝗜𝗡𝗦𝗧𝗔𝗟𝗟𝗔𝗧𝗜𝗢𝗡 𝗜𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗜𝗢𝗡𝗦

1 chmod +x install.sh

2 ./install.sh

PLease Note that you need to edit the Javascript File to your own Local IP address

How Does it work?

Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine

Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting

For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser

You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript

For HTTPS?

Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa

*SSLstrip --> https://github.com/moxie0/sslstrip.git

Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication

𝕌ℙ𝔻𝔸𝕋𝔼

There were problems with writing code for javscript injector due to ongoing problems with netfilterqueue installation

BUT YOU CAN STILL USE BETTERCAP TO BECOME MAN IN THE MIDDLE AND ALSO INJECT JAVASCRIPT CODE USING BETTERCAP

*INSTALL BETTERCAP AS FOLLOWS

sudo apt install bettercap

Then you can run Big-Papa to capture cookies

You can manually perform the mitm attack and then inject the Javascript code with Big-Papa.py script runnning along

A new feature to mail the captured cookies to user specified e-mail will be added soon...

𝑴𝑨𝑲𝑬_𝑰𝑻_𝑩𝑬𝑻𝑻𝑬𝑹

To make Big-Papa Even Better Contribute to it Or use and Report Any Bugs or fixes Required..

git clone https://github.com/SxNade/Big-Papa

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Related tags

Overview

Big-Papa

IN ACTION

𝗜𝗡𝗦𝗧𝗔𝗟𝗟𝗔𝗧𝗜𝗢𝗡 𝗜𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗜𝗢𝗡𝗦

How Does it work?

For HTTPS?

𝕌ℙ𝔻𝔸𝕋𝔼

𝑴𝑨𝑲𝑬_𝑰𝑻_𝑩𝑬𝑻𝑻𝑬𝑹

Owner

Log4j vuln fuzz/scan with python

Deobfuscate Log4Shell payloads with ease

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

A TCP Backdoor made in python

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

CVE-2021-40346 integer overflow enables http smuggling

Windows Stack Based Auto Buffer Overflow Exploiter

Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.

将hw时信息收集以及简单的漏洞操作步骤简单化

OpenSource Poc && Vulnerable-Target Storage Box.

WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

Password list generator for password spraying - prebaked with goodies

Make your own huge Wordlist with advanced options

2021hvv漏洞汇总

dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

Receive notifications/alerts on the most recent disclosed CVE's.

Apk Framework Detector

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.