-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie Harvesting on https://slackpirate-donotuse.slack.com ?? #58
Comments
Just look at this code snippet:
Doesn't it look suspicious to anyone that call to https://slackpirate-donotuse.slack.com get workspace could be replaced by additional argument where user passes workspace? There should be no need to pass your cookie to strangers! It seems like this guy specializes in security so perhaps he was testing how many suckers would run unverified Python script! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When you use the
--cookie
option it sends thed
cookie to https://slackpirate-donotuse.slack.comIt is not clear from the readme that this will happen and what / if anything is in that slack workspace is captures all the d cookies submitted.
d
cookie is used when the--cookie
option is specifiedslackpirate-donotuse
workspace ?The text was updated successfully, but these errors were encountered: