
    Stealing LocalStorage Tokens

    This was an interesting situation where I thought I was retrieving a token using XSS, like (document.cookie), but instead the token was located in LocalStorage. Obviously, you need to know the key name, but since I had the application, I had that information. Pushing aside the XSS part, the meat is here:


    We're stealing the token value and pushing it to stealer.php:


    Stealer.php is just taking the value and dropping it into a log file. 

    Starting fresh on the browser side, we look in LocalStorage which is empty:


    We add a key and the value:


    Next, we point it to our token stealing page:


    And we can already see that we were successful in stealing the value:


    Finally, we look in the log:


    And I was able to steal it via XSS, which was the original goal.
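On the defending side, the request that carries a token off the page shows up in egress or proxy logs. The following is an added example, not code from the original post, that flags JWT-shaped query-parameter values sent to hosts outside an allow-list. The JWT format, the query-string transport, the log layout and every host name are assumptions constructed for illustration.

```javascript
// Added example: flag outbound requests whose query string carries a JWT-shaped value.
// Assumptions (not from the original post): the token is a JWT and leaves the
// browser in a URL query parameter; log layout and host names are constructed.
const ALLOWED_HOSTS = new Set(["app.example.test"]); // hypothetical first-party host

// Decode a base64url segment; return the parsed object, or null if it is not JSON.
function decodeJsonSegment(seg) {
  try {
    const obj = JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
    return obj && typeof obj === "object" ? obj : null;
  } catch {
    return null;
  }
}

// True when the value has three base64url parts and a JOSE header naming an "alg".
function looksLikeJwt(value) {
  const parts = value.split(".");
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) return false;
  const header = decodeJsonSegment(parts[0]);
  return header !== null && typeof header.alg === "string";
}

// Return one finding per token-shaped query parameter sent to a non-allowed host.
function findTokenLeaks(logLines) {
  const findings = [];
  for (const line of logLines) {
    const [timestamp, clientIp, , rawUrl] = line.trim().split(/\s+/);
    let url;
    try { url = new URL(rawUrl); } catch { continue; } // skip malformed entries
    if (ALLOWED_HOSTS.has(url.hostname)) continue;
    for (const [param, value] of url.searchParams) {
      if (looksLikeJwt(value)) findings.push({ timestamp, clientIp, host: url.hostname, param });
    }
  }
  return findings;
}

// Constructed sample data: a dummy JWT and four proxy log lines.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const SAMPLE_JWT = `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub: "demo" })}.c2lnbmF0dXJl`;
const SAMPLE_LOG = [
  `2020-01-01T10:00:00Z 10.0.0.5 GET https://app.example.test/api/me?session=${SAMPLE_JWT}`,
  `2020-01-01T10:00:02Z 10.0.0.5 GET https://collector.example.net/c.php?v=${SAMPLE_JWT}`,
  "2020-01-01T10:00:03Z 10.0.0.7 GET https://cdn.example.org/lib.js?v=1.2.3",
  "2020-01-01T10:00:04Z 10.0.0.7 GET not-a-url",
];
console.log(findTokenLeaks(SAMPLE_LOG));
```

A check like this only sees tokens sent in the clear in a URL; it does not cover values placed in a request body or encoded before sending.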


    © 2020 sevenlayers.com