Friday 24 August 2012

▓Cookie Stealing & Hijacking▓ : INTRO

A cookie is a small piece of data that identifies you to the site. Cookies store settings about your customized look and feel for the pages you view, your username and encrypted password or user ID, who referred you to the site, profile preferences, and just about any other information the admins want to store to customize your user experience. Cookies are most commonly used to give you access to login-protected pages once you've entered your information, to identify you in content that you change on the site (forum posts or article comments, for example), to tell the administrators how you found the site, and more. Again, cookies function however their creators have written them to function.

In other words, whenever you log in to a website such as Facebook, Gmail or Orkut, the site sets a cookie in your browser which, among other things, determines how long you stay logged in.



What are session cookies, session IDs or session tokens?

Whenever we sign in to an account, the site generates a unique string. One copy is saved on the server and the other in our browser as a cookie. The two are matched every time we do anything in our account. Session cookies let the website you are visiting keep track of your movement from page to page, so you don't get asked for information you've already given to the site. They allow you to move through many pages of a site quickly and easily without having to authenticate again or reprocess each new area you visit. This string, the login session, is destroyed when we click the 'Sign Out' option.



Just visit yahoo.com and type the following into the browser's address bar:

Code:

javascript:alert(document.cookie);



You will get a pop-up box showing the cookies Yahoo has left in your browser.



Now log in to your account and do the same thing; you will see more elements added to the cookies. These represent session IDs.



So sessions are stored in our browser in the form of cookies.
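The session IDs appear in document.cookie only because they were set without the HttpOnly flag, and they travel over plain HTTP unless marked Secure. The following Node.js script is an added example, not code from the original post: it parses a list of constructed Set-Cookie headers (the cookie names and values are made up, and the name pattern used to pick out session cookies is an assumption) and reports session cookies that lack those flags.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for the
// flags that limit what a script-read or sniffed cookie is worth.
// The sample headers below are constructed, not captured from any real site.

// Parse one Set-Cookie header value into name, value and the attributes we care about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   httpOnly: false, secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v] = attr.split('=');
    const key = k.toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'samesite') cookie.sameSite = (v || '').toLowerCase();
  }
  return cookie;
}

// Names that usually carry the login session (assumption for this example).
const SESSION_NAME_HINT = /sess|sid|auth|token/i;

// One finding per session-looking cookie that a page script could read
// (no HttpOnly), that the browser would send over plain HTTP (no Secure),
// or that any cross-site request would carry (no SameSite=Lax/Strict).
function auditSetCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const c = parseSetCookie(header);
    if (!SESSION_NAME_HINT.test(c.name)) continue;
    if (!c.httpOnly) findings.push(`${c.name}: readable via document.cookie (add HttpOnly)`);
    if (!c.secure) findings.push(`${c.name}: sent over plain HTTP (add Secure)`);
    if (c.sameSite !== 'lax' && c.sameSite !== 'strict') {
      findings.push(`${c.name}: no SameSite=Lax/Strict`);
    }
  }
  return findings;
}

// Constructed sample: one weak session cookie, one hardened one, one that is not a session.
const SAMPLE_HEADERS = [
  'SESSIONID=abc123; Path=/',
  'auth_token=def456; Path=/; Secure; HttpOnly; SameSite=Lax',
  'theme=dark; Path=/',
];

console.log(auditSetCookies(SAMPLE_HEADERS));
```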



An attacker can steal that session by convincing the victim to run a piece of code in their browser. The attacker can then use the stolen session to log in to the victim's account without providing any username or password. This attack is very uncommon because when the victim clicks 'Sign out', the session is destroyed and the attacker gets signed out too.



Note: in the case of Yahoo it is not the same. The attacker does not get signed out when the victim clicks 'Sign out'. Yahoo does destroy the session automatically after 24 hrs, but when the user simply refreshes the window in the Yahoo account he gets a session for the next 24 hrs. This means that once a Yahoo account session is stolen, the attacker can access the account indefinitely by refreshing the window every 24 hrs. I am not actually sure whether it's 24 or 48 hrs.



What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing session cookies and injecting them into your own browser to gain access to the victim's account.



What is a Cookie Stealer?

A cookie stealer is basically a script used to steal a victim's authentication cookies. For cookie stealing to work, the website or webpage must be vulnerable to an XSS attack. This point is the most common and widely known misconception among newbies.



1. The attacker creates a PHP script and uploads it to a web hosting site.

2. The attacker then asks the victim to visit the particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you.

E.g.: Cookie manager v1.5.1

You can also use the Web Developer toolbar to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.



So now that you understand the theory and applications of cookies, you're probably wondering how you can edit them on your own. There are many ways to use or change your browser cookies, such as JavaScript injections, dozens of Firefox add-ons, etc. My favorite way is a Firefox add-on called Firecookie, which is actually an extension to another Firefox add-on, Firebug. You can download them from Mozilla's official add-on site (Firebug must be installed first):



Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843

Firecookie: https://addons.mozilla.org/en-US/firefox/addon/6683



Well, this trick won't work on all Yahoo, Gmail, ... accounts, since Yahoo and Gmail now offer end-to-end https:// encryption, which encrypts the session token in transit, so even if we could get our hands on the GX cookie it would be useless. But if a user has turned off the end-to-end https:// encryption in Gmail, Yahoo, etc., it can work for sure.


Hope you all have liked it....

If you have any queries, ask me in the comments below.....
