CompTIA PenTest+ (PT0-002) — Question 380

A penetration tester team is looking for the best way to steal an active session cookie that is managed on an unprotected JavaScript variable on the client side. Which of the following is the best tool to use for this task?

Answer options

• A. BeEF
• B. Burp Suite
• C. Gobuster
• D. SET

Correct answer: A

Explanation

BeEF (Browser Exploitation Framework) is specifically designed for exploiting web browsers and can easily manipulate client-side JavaScript, making it the best tool for stealing session cookies. Burp Suite is mainly focused on testing web application security but does not specialize in browser exploitation. Gobuster is a tool for directory brute-forcing and is not related to session cookie theft. SET (Social-Engineer Toolkit) is used for social engineering attacks, which is not the primary focus here.