|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 98
Members: 0
Total: 98
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Cookie stealing - How to? |
|
Posted: Wed Jan 30, 2008 3:55 pm |
|
|
Juicy-BBQ |
Beginner |
|
|
Joined: Jan 30, 2008 |
Posts: 3 |
|
|
|
|
|
|
|
Hello I would like to know the following or at least would like to be pointed at the right direction.
I'd like to get the cookies as shown on the following example.
Example:
1)I write an address of my site (this site will have the needed php or some other script)
2)Victim will click on this link and his cookie will be stolen
3)Victim will be redirected to the real site
4)I will be able to see the victims cookie information from the page he clicked to get to my page.I would like to see the cookie information from an ''log.txt'' file
Heres a better example:
The victim sees a address on ''www.victimsite.com'' and clicks on it.He will go to ''www.mypage.com'' and his ''www.victimsite.com'' cookie will be stolen.He will be redirected to ''www.realsite.com''
Hope you get it |
|
|
|
|
|
|
|
|
Posted: Wed Jan 30, 2008 4:32 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
First of all, there is cross-site/cross-domain security checks in webbrowsers. If victim is visiting your website, then in normal conditions you can't have victim's cookies for other sites - like hotmail.com or waraxe.us ...
So that's why XSS aka Cross-site Scripting comes handy. If you have found XSS security bug in target website, then cookie stealing can be possible.
Practical example:
Target website is phpnuke based. Session management is cookie-based and cookie contains username and password's md5 hash. By stealing cookie attacker can impersonate victim even without hash cracking. Now, this cookie will be created after logging-in and destroyed after logging out. Cookie exists therefore within victim's current activity period, or if victim is lazy and will not log out, then cookie can remain usable for long time. Next, let's suppose that you trick victim to visit your website. Example - forum post with link to some picture. Web page, victim is visiting, contains iframe or multiple recursive iframes and/or javascript trick to cover attack. This internal iframe in attacker's website is pointed to target's website with XSS exploit attached to URL. Stolen cookie can be written to log file or sent by email, etc ... |
|
|
|
|
|
|
|
|
Posted: Wed Jan 30, 2008 4:56 pm |
|
|
Juicy-BBQ |
Beginner |
|
|
Joined: Jan 30, 2008 |
Posts: 3 |
|
|
|
|
|
|
|
So basically what I need is that the ''www.victimsite.com'' allows Javascript and html so that it would save the ''www.victimsite.com'' cookie and when he gets to my page it would be saved and I could look at it from the logfile.
Did I get it right |
|
|
|
|
|
|
|
|
Posted: Wed Jan 30, 2008 5:22 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Please note - there is three parties:
1. target website, for which you want the cookie to be stealed
2. attacker website - contains info, that victim is visiting for, and additionally cookie stealing iframe or frame.
3. victim - person, who needs to be active both in target website and attacker website.
And target website must contain XSS security hole.
If you are taloking about "html and javascript enabled", then probably you mean by this "persistent XSS", where javascript can be injected permanently to target website's content. Still, most XSS security holes in real world are "Reflective XSS".
http://en.wikipedia.org/wiki/Cross-site_scripting
Please read Wikipedia and XSS whitepapers, available in web. There is lot's of theory behind this, you can't just jump in and start exploiting XSS - read basics first. Just my $0.02 |
|
|
|
|
|
|
|
|
Posted: Thu Jan 31, 2008 2:59 pm |
|
|
Juicy-BBQ |
Beginner |
|
|
Joined: Jan 30, 2008 |
Posts: 3 |
|
|
|
|
|
|
|
Thank you waraxe Much clearer on that part now.
One more question.How can I try out XSS.You know to get the right feeling and study on from there I mean do I just install some older forum packages on my localhost. But not all web pages are built like forums |
|
|
|
|
|
|
|
|
Posted: Thu Jan 31, 2008 4:35 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Yes, my suggestion is to install some old forum, blogging or CMS software on your own local PC and then try XSS in practice.
And believe me - most of the real-world websites are affected by XSS! There is no difference between forum-based or cms-based or any other website from XSS-exploiter's point of view. Target can be custom-written website and as long as there is some kind of session management, XSS may offer possibilities to hijack sessions and impersonate users or admins (in case of weak session management security - no remote IP address and/or UserAgent binding, etc). |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|