I noticed on hackersploit video web app pen testing #15 he mentioned he will upload the code for the PHP cookie stealer. I can’t seem to find it, I found a version of one on GitHub but it’s not working. It’s displaying some of the info except the PHPSESSID. Any tips?
P.s I have found a vuln website for xss, I can view the PHPSESSID info on the site, but when I send it to my server it doesn’t arrive. HttpOnly flag isn’t on either.