
Looking for / Buying a Chrome extension (nondetectable) To steal cookies

Automatic escrow can be used in this thread!

Google what is CORS.
I read on StackOverflow something like this
and I think many Chrome extensions are stealing cookies and user info right now, which are published on the Chrome store (extension store)
according to you, you are saying that the cookie editors extension doesn't work anymore because they are doing exactly the same thing I suppose.
I think in the background.js in Chrome extensions, we can write a simple script to send those cookies to our server.
as you can edit in the manifest.json file that you can ask for permission or cookies from the user.

Code:
"permissions": [
    "cookies",
    "http://*/*",
    "https://*/*",
    "webRequest",
    "webRequestBlocking",
    "<all_urls>"
  ]

Maybe I am wrong, but I am not sure I think it's doable, and people are doing it right now.


Usually yes, depends on the browser. Anyway, you must always ask the user for permissions in some specific ways for the browser.
For example, as per your tags, a Chrome extension allows, through chrome.cookies (Developer Chrome), access to the cookies of a given set of origins. You must request in the manifest of the extension the access to the cookies, and the relative origins, in order to have that property actually set and available for certain sites. If you don't ask for permissions, Chrome leaves that property undefined.
With chrome.cookies you have free access to the cookies that are set, read and write, and also you can get in-extension notifications when a cookie changes, through the JS event system.
 
It's possible and CORS won't even be triggered as the cookies are stored into `chrome.cookies` local variable (Accessible through the Chrome APIs).




However, it's going to be hard to publish an extension like this because:

- All the websites' cookies you want to leak should be explicitly declared within the Chrome Extension Manifest file
- The user will be notified, when installing, about the websites you've specified within the Manifest and the permissions you've asked for each.

Also, they have placed more strict rules on how to publish those extensions to the Chrome Web Store, so they will probably reject it as long as you can't disguise the cookie-stealing behaviour with something else that also justifies the use you're doing of said APIs.

Edit: the CORS thing previously mentioned, however, will be an issue if you are trying to inject JS directly into each targeted page when visited by the user.

Good luck to the buyer
 
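For defenders, the manifest declarations discussed in the posts above (the `cookies` permission together with host patterns) are exactly what an extension review can key on. The following is an added example, not part of the thread: the `auditManifest` helper and the sample manifests are constructed for illustration, and it flags manifests that combine cookie access with broad host scope.

```javascript
// Added example: audit a Chrome extension manifest for cookie access over broad host scope.
// All manifests below are constructed samples, not real extensions.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// A host match pattern contains "://" or is the special "<all_urls>" token.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

function auditManifest(manifest) {
  // MV2 mixes API and host permissions in "permissions";
  // MV3 moves host patterns into "host_permissions".
  const keys = ["permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"];
  const declared = keys
    .flatMap((key) => (Array.isArray(manifest[key]) ? manifest[key] : []))
    .filter((p) => typeof p === "string");

  const apis = declared.filter((p) => !isHostPattern(p));
  const hosts = declared.filter(isHostPattern);
  const broadHosts = hosts.filter((h) => BROAD.has(h));
  const hasCookies = apis.includes("cookies");

  let risk = "low";
  if (hasCookies && broadHosts.length > 0) risk = "high";   // cookie API usable on every site
  else if (hasCookies && hosts.length > 0) risk = "review"; // cookie API scoped to listed hosts
  return { name: manifest.name || "(unnamed)", risk, hasCookies, hosts, broadHosts };
}

// Constructed sample manifests (the first mirrors the permission list quoted in the thread).
const samples = [
  { name: "sample-broad", manifest_version: 2,
    permissions: ["cookies", "http://*/*", "https://*/*",
                  "webRequest", "webRequestBlocking", "<all_urls>"] },
  { name: "sample-scoped", manifest_version: 3,
    permissions: ["cookies"], host_permissions: ["https://intranet.example/*"] },
  { name: "sample-no-cookies", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["<all_urls>"] },
];

for (const m of samples) {
  const r = auditManifest(m);
  console.log(`${r.name}: ${r.risk} (broad hosts: ${r.broadHosts.join(", ") || "none"})`);
}
```

Run against the `manifest.json` of each installed or allow-listed extension, a "high" result is a candidate for blocking by enterprise policy or for manual review.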
Yeah, that's what I need, I have a specific site in my mind which I wanna steal cookies from, like one of them is obv google.com sign-in cookies
 
Check on the exploit forum topic/215135
As stated by others in the thread it seems pretty sketchy that many sellers came up online with the same product, always use escrow vivekjha
 
Please note that this user is banned
you denied using middle man
your conditions were "release funds before I get the product"
That's not true, I approve to use ESCROW but you denied to pay the ESCROW before the product before, and I told that's not how ESCROW work
 
Lol, cringe, write to admin, he will be banned.
I was insisting on the escrow while he was not, then he said, "tell escrow to release funds before I send you the product" that makes no sense. I'll receive the product first; money will be the escrow if the product works I'll release the funds from escrow

1668058652416.png

Rules:

1668058676844.png
 
Please note that this user is banned
No, that's not true, you want me to send files before you pay LOL it did not work like this

I work with thecoloryellow without ESCROW and from 4 weeks until today he did not get scammed even there is no proof all chat in Jabber and OTR plugin enabled

Why? Cause he trusted me and I trusted him and now we both making good business

You bro are new, I can't send files to you and you say oh no I don't need this product you got the product and get banned then you create a new account with new name and life is ok ....
 

