Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Last update: Jan 3, 2023

Related tags

Security related resources javascript cookies python3 bypassing session-store session-cookie authentication-backend mitm-attacks cookie-authentication hijack-js maninthemiddleattack 2factor session-stealer cookie-stealer inject-js js-injection bypass-2fa password-stealer

Overview

[ [

Big-Papa

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

IN ACTION

The Higlighted data is the cookie of ongoing admin session on a router(gateway)

Now we can use something Like Burpsuite to Load the cookies and Hijack the admin session

𝗜𝗡𝗦𝗧𝗔𝗟𝗟𝗔𝗧𝗜𝗢𝗡 𝗜𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗜𝗢𝗡𝗦

1 chmod +x install.sh

2 ./install.sh

PLease Note that you need to edit the Javascript File to your own Local IP address

How Does it work?

Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine

Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting

For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser

You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript

For HTTPS?

Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa

*SSLstrip --> https://github.com/moxie0/sslstrip.git

Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication

𝕌ℙ𝔻𝔸𝕋𝔼

There were problems with writing code for javscript injector due to ongoing problems with netfilterqueue installation

BUT YOU CAN STILL USE BETTERCAP TO BECOME MAN IN THE MIDDLE AND ALSO INJECT JAVASCRIPT CODE USING BETTERCAP

*INSTALL BETTERCAP AS FOLLOWS

sudo apt install bettercap

Then you can run Big-Papa to capture cookies

You can manually perform the mitm attack and then inject the Javascript code with Big-Papa.py script runnning along

A new feature to mail the captured cookies to user specified e-mail will be added soon...

𝑴𝑨𝑲𝑬_𝑰𝑻_𝑩𝑬𝑻𝑻𝑬𝑹

To make Big-Papa Even Better Contribute to it Or use and Report Any Bugs or fixes Required..

git clone https://github.com/SxNade/Big-Papa

You might also like...

CVE-2021-22986 & F5 BIG-IP RCE

Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

85 Dec 2, 2022

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

f5-waf-enforce-sigs-CVE-2021-44228 This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device Overview This script enforce

5 Mar 31, 2022

A small script to export all AWAF policies from a BIG-IP device

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

3 Feb 3, 2022

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

81 Dec 12, 2022

SSH Tool For OSINT and then Cracking.

sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho

5 Apr 4, 2022

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

6 Jan 30, 2022

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

RedTeam Toolkit Note: Only legal activities should be conducted with this project. Red Team Toolkit is an Open-Source Django Offensive Web-App contain

382 Jan 1, 2023

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u

7.4k Jan 4, 2023

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Related tags

Overview

Big-Papa

IN ACTION

𝗜𝗡𝗦𝗧𝗔𝗟𝗟𝗔𝗧𝗜𝗢𝗡 𝗜𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗜𝗢𝗡𝗦

How Does it work?

For HTTPS?

𝕌ℙ𝔻𝔸𝕋𝔼

𝑴𝑨𝑲𝑬_𝑰𝑻_𝑩𝑬𝑻𝑻𝑬𝑹

You might also like...

CVE-2021-22986 & F5 BIG-IP RCE

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

A small script to export all AWAF policies from a BIG-IP device

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

SSH Tool For OSINT and then Cracking.

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Owner

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

DNS hijacking via dead records automation tool

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

Python & JavaScript Obfuscator made in Python 3.

A Python & JavaScript Obfuscator made in Python 3.