Clients

Here you'll find some of the clients I have worked with previously to secure their assets against different vulnerabilities.

Code Vault

Here you'll find some of the projects I have created during my professional career.

Cookie Grabber - Exploit XSS to Steal Cookies
GitHub Link: https://github.com/rohit-sonii/Exploit-XSS-to-Steal-Cookies

A small tool built to exploit a Cross-Site Scripting vulnerability and steal a user's session cookie using JavaScript. It sends the stolen cookies to an attacker-controlled server.

Escalating Self-XSS to Account Takeover
GitHub Link: https://github.com/rohit-sonii/Escalating-Self-XSS-to-Account-Takeover
Blog Link: https://medium.com/@Ch3ckM4te/self-xss-to-account-takeover-72c89775cf8f

This project demonstrates how a Self-XSS vulnerability can be escalated into an Account Takeover. It assumes the presence of SSO alongside the regular authentication flow and exploits a business-logic flaw in the test application.

getMore - JS Variables Extractor
GitHub Link: https://github.com/rohit-sonii/getMore

A small wrapper script that uses multiple avenues to fetch all available JavaScript variables. These variables can then be tested for different types of vulnerabilities.

SGB Price Checker
GitHub Link: https://github.com/rohit-sonii/SGB-Price-Checker

This project is a simple Android application that checks the best price at which Sovereign Gold Bonds (SGB) can be purchased on the secondary market. The app fetches data from WintWealth and continuously monitors the available rates. When a good deal is found, it sends a notification to alert the user.