Cybersecurity Solutions and Support Services

    Stealing LocalStorage Tokens

    This was an interesting situation where I thought I was retrieving a token using XSS, like (document.cookie), but instead the token was located in LocalStorage.  Obviously, you need to know the key name but since I had the application, I had that information.  Pushing aside the XSS part, the meat is here:

    We're stealing the token value and pushing it to stealer.php:

    Stealer.php is just taking the value and dropping it into a log file. 

    Starting fresh on the browser side, we look in LocalStorage which is empty:

    We add a key and the value:

    Next, we point it to our token stealing page:

    And we can already see that we were successful in stealing the value:

    Finally, we look in the log:

    And I was able to steal it via XSS which was the original goal. 

    © 2020