Waraxe IT Security Portal
Cookie stealing - How to?

Posted: Wed Jan 30, 2008 3:55 pm
Juicy-BBQ
Beginner
Joined: Jan 30, 2008
Posts: 3

Hello, I would like to know the following, or at least would like to be pointed in the right direction.
I'd like to get the cookies as shown in the following example.
Example:
1) I write an address of my site (this site will have the needed PHP or some other script)
2) Victim will click on this link and his cookie will be stolen
3) Victim will be redirected to the real site
4) I will be able to see the victim's cookie information from the page he clicked to get to my page. I would like to see the cookie information from a "log.txt" file

Here's a better example:
The victim sees an address on "www.victimsite.com" and clicks on it. He will go to "www.mypage.com" and his "www.victimsite.com" cookie will be stolen. He will be redirected to "www.realsite.com"

Hope you get it

Posted: Wed Jan 30, 2008 4:32 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

First of all, there are cross-site/cross-domain security checks in web browsers. If the victim is visiting your website, then in normal conditions you can't have the victim's cookies for other sites - like hotmail.com or waraxe.us ...
So that's why XSS, aka Cross-site Scripting, comes in handy. If you have found an XSS security bug in the target website, then cookie stealing can be possible.

Practical example:

Target website is phpnuke based. Session management is cookie-based and the cookie contains the username and the password's md5 hash. By stealing the cookie an attacker can impersonate the victim even without hash cracking. Now, this cookie will be created after logging in and destroyed after logging out. The cookie therefore exists within the victim's current activity period, or if the victim is lazy and does not log out, then the cookie can remain usable for a long time. Next, let's suppose that you trick the victim into visiting your website. Example - forum post with link to some picture. The web page the victim is visiting contains an iframe or multiple recursive iframes and/or a javascript trick to cover the attack. This internal iframe in the attacker's website is pointed to the target's website with the XSS exploit attached to the URL. The stolen cookie can be written to a log file or sent by email, etc ...

Posted: Wed Jan 30, 2008 4:56 pm
Juicy-BBQ
Beginner
Joined: Jan 30, 2008
Posts: 3

So basically what I need is that "www.victimsite.com" allows Javascript and HTML so that it would save the "www.victimsite.com" cookie and when he gets to my page it would be saved and I could look at it from the logfile. :?
Did I get it right? :?:

Posted: Wed Jan 30, 2008 5:22 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Please note - there are three parties:

1. target website, for which you want the cookie to be stolen
2. attacker website - contains info that the victim is visiting for, and additionally a cookie-stealing iframe or frame.
3. victim - person who needs to be active both in the target website and the attacker website.

And the target website must contain an XSS security hole.
If you are talking about "html and javascript enabled", then probably you mean by this "persistent XSS", where javascript can be injected permanently into the target website's content. Still, most XSS security holes in the real world are "Reflective XSS".

http://en.wikipedia.org/wiki/Cross-site_scripting

Please read Wikipedia and XSS whitepapers available on the web. There is lots of theory behind this, you can't just jump in and start exploiting XSS - read the basics first. Just my $0.02 :)

Posted: Thu Jan 31, 2008 2:59 pm
Juicy-BBQ
Beginner
Joined: Jan 30, 2008
Posts: 3

Thank you waraxe :) Much clearer on that part now.
One more question. How can I try out XSS? You know, to get the right feeling and study on from there :? I mean, do I just install some older forum packages on my localhost? But not all web pages are built like forums :?

Posted: Thu Jan 31, 2008 4:35 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Yes, my suggestion is to install some old forum, blogging or CMS software on your own local PC and then try XSS in practice.
And believe me - most of the real-world websites are affected by XSS! There is no difference between a forum-based or CMS-based or any other website from an XSS exploiter's point of view. The target can be a custom-written website, and as long as there is some kind of session management, XSS may offer possibilities to hijack sessions and impersonate users or admins (in case of weak session management security - no remote IP address and/or UserAgent binding, etc).
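
The session hardening mentioned in the last reply, as an added example that is not part of the original thread: the cookie carries an opaque random token with the HttpOnly flag instead of a username and password hash, and the server binds the session to the client's IP address and User-Agent. The class, the cookie name `sid` and the timeout value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # seconds of inactivity before a session expires (assumed value)


class SessionStore:
    """In-memory session store; a real site would use a database or cache."""

    def __init__(self):
        self._sessions = {}  # token -> (username, client fingerprint, last seen)

    @staticmethod
    def _fingerprint(remote_ip, user_agent):
        # Bind the session to the client that logged in (IP + User-Agent).
        return hashlib.sha256(f"{remote_ip}\n{user_agent}".encode()).hexdigest()

    def login(self, username, remote_ip, user_agent, now=None):
        # Opaque random token: nothing derived from the password is in the cookie.
        token = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self._sessions[token] = (username, self._fingerprint(remote_ip, user_agent), now)
        return token

    @staticmethod
    def set_cookie_header(token):
        # HttpOnly keeps document.cookie from exposing the token to injected script.
        return f"Set-Cookie: sid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"

    def validate(self, token, remote_ip, user_agent, now=None):
        """Return the username, or None if the token is unknown, expired or replayed."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, fingerprint, last_seen = entry
        if now - last_seen > SESSION_TTL:
            del self._sessions[token]  # idle too long: expire server-side
            return None
        if not hmac.compare_digest(fingerprint, self._fingerprint(remote_ip, user_agent)):
            del self._sessions[token]  # presented by a different client: revoke
            return None
        self._sessions[token] = (username, fingerprint, now)
        return username

    def logout(self, token):
        self._sessions.pop(token, None)
```

IP binding can log out legitimate users whose address changes (mobile networks, proxies), so some sites bind only to the User-Agent or a network prefix. None of this replaces fixing the XSS hole itself through output encoding.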
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"