Tuesday, 15 January 2013

Web Application Hacking : Cookie Stealing

Cookie Stealing

                                 Cookies are small datas (usually 4KB in size) that are stored in clients browser . They are usually generated at the server by the server side scripting language . After that they are sent back and stored at the client browser.They help in tracking necessary information like the time of access,username,session information,etc of the client who is logged into a particular website  

                                 In this tutorial I am going to show how cookies are being stolen and logged into a separate file.


                                                                      CAUTION
"This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.Performing such attacks without the permission of the owner can lead to serious trouble."


                                Here is the HTML code of the login form of a sample application.



Now I need to write a server side scripting language to generate cookies to store username and password for a particular user in the browser .


The above piece of code is written in PHP and it does two work

  • It generates cookies
  • It includes a file containing the comments of the users.
                           Now I need one more thing i.e a cookie stealing script.
Download here :https://github.com/dibsy/codesec/blob/master/cookieStealer.php 

Now I am going to place the cookie stealing script and the log file at a remote server or may upload to a hosting website.

Now say suppose there is a forum which allows users to post their comments.Say for examples some thing like this
Now I am going to inject some codes here. I am going to redirect the cookies to a cookie stealing script in this way.



Now my script is ready to accept and log any sort of cookies that are stored in the browser  of any client whoever is trying to access the comment section.

Now say someone logs into his/her account

username=admin
password=password


And now if I check the log file of the cookies where the cookies are stored then I can find my cookies logged



------------------------------------ Thanks for reading----------------------------------