Stealing LocalStorage Tokens

by Vince

This was an interesting situation where I thought I was retrieving a token using XSS, like (document.cookie), but instead the token was located in LocalStorage. Obviously, you need to know the key name, but since I had the application, I had that information. Pushing aside the XSS part, the meat is here:


We're stealing the token value and pushing it to stealer.php:


stealer.php just takes the value and drops it into a log file.

Starting fresh on the browser side, we look in LocalStorage which is empty:


We add a key and the value:


Next, we point it to our token stealing page:


And we can already see that we were successful in stealing the value:


Finally, we look in the log:


And I was able to steal it via XSS, which was the original goal.