Session Hijacking Visual Exploitation
Updated Mar 7, 2024 - JavaScript
Practical labs, notes, and reports for CEH v13 modules — covering web hacking, network pentesting, malware analysis, social engineering, and security tool usage.
A Deliberately Insecure Web Application
PHP Cookie Stealing Scripts for use in XSS
Local PHP/MySQL e-wallet application combined with a hands-on cybersecurity demo lab. Implements user/admin auth, balances, transfers, CSRF protection, session timeouts, login lockout, and hashing. Includes a toggleable Vulnerable/Secure lab to demonstrate XSS and session hijacking with real code and mitigations.
Cybersecurity Threats & Vulnerabilities Guide is a comprehensive educational resource that provides detailed documentation, detection scripts, and prevention strategies for various cybersecurity threats.
CyberX-AI-Digital-Twin is an AI-powered cybersecurity platform that uses digital twin technology to simulate, detect, and analyze cyber threats in a safe, isolated environment. Ideal for researchers, developers, and educators to test and enhance network security.
A tiny Flask app for helping red-teamers, purple teamers, and pentesters in delivery, data exfiltration, and some attacks (SSRF, XXE, XSS, Session Hijacking, Session Riding).
PowerShell scripts for scanning ASP.NET apps
Python spyware that captures keystrokes, mouse inputs, screenshots & microphone audio — exfiltrates via email every 10 seconds with self-delete on discovery.
Intentionally vulnerable captive portal lab for wireless security training. Demonstrates session hijacking, authentication bypass, and network security vulnerabilities. Docker containerized for safe, isolated learning environments. FOR EDUCATIONAL USE ONLY.
The Device Fingerprint Generator is a web-based tool that uniquely identifies devices based on various browser and system attributes. By leveraging JavaScript and web APIs, it creates a consistent fingerprint that can be used for analytics, fraud prevention, and security purposes.
MySQLSessionHandler Class (PHP 7.1)
Demonstrating exploitation of missing HTTP cookie flags
This repository demonstrates a privilege escalation attack targeting Open5GS's WebUI, exploiting unauthenticated database connections and forged session cookies/JWT tokens. The analysis reveals critical vulnerabilities in authentication mechanisms, offering insights for securing 5G network components.
Demo tool for hijacking TCP sessions
Notes & misc taken from Complete Ethical Hacking Bootcamp 2021: ZTM (ARCHIVED) and EC-Council's CodeRed
A red and purple team utility for extracting, encrypting, and simulating browser session hijacking scenarios on Windows endpoints. Designed for training, research, and detection development.
Hands-on TCP/IP attack lab covering SYN Flooding, TCP RST Attack, Session Hijacking, and Reverse Shell - performed in an isolated SEED Labs virtual environment. MS Cybersecurity | NUCES Islamabad.
Python server captures inbound HTTP connections along with their respective cookies