Hello 👋 infosec geeks 👨‍💻 this is my 4th blog post,

This blog is regarding cookie stealing via clickjacking using burp collaborator on target using Apache Tomcat server.

let’s consider the target as redacted.com, the target having its servlets exposed publically and you can see current user cookie in the path /examples/servlets/servlet/CookieExample

so in order to exploit users, I thought of doing clickjacking in order to increase the impact.

Now I checked the X-frame header in order to use the iframe tag in clickjacking.

And as aspected, they were not using any x-frame header so i built a payload for clickjacking which much looks like.

enter your burp collaborator link in the form action attribute.

code looks in the browser,

finally, when any victim enters the cookie it will be shown in the burp collaborator as shown below.

see full video POC on my youtube channel here: video___poc

subscribe to my youtube channel here: subscribe__channel_here

connect me via LinkedIn: https://www.linkedin.com/in/anurag-verma-650b771a2

connect me on Instagram: varmaanu001