orlyjamie
commented
8 years ago Agreed :dancers: I'm currently in the progress of implementing cookie extraction - On top of this, I'm going to also create a script for scenarios in which your perspective is that of a local attacker machine so that as soon as the cookies are captured (from a remote machine), they can be loaded up in your own browser and gain seamless access to which ever web-service(s) the cookies belong to.
PowerPress
It would be cool if we could get the cookies when the user is already logged in (so the script can't get the password). For GMAIL, we would probably need to refine but from what I can see, the names of the cookies are: S, OSID, GMAIL_IMP, GMAIL_AT, COMPASS, SSID, SID, SAPISID, NID, HSID, APISID