Demonstrate the Danger of Cookie in Web Application

ivan123's Avatar, Join Date: Jun 2009
Newbie Member
Hi,

I would like to know how cookies can be a danger in a web application.
I did some research, and they mention cookie stealers, but I am not able to
piece everything together into a picture. For example: what kind of language will
be affected, what are the tools to use for the stealing, etc.

Does anyone have a good and simple demo? By the way, this is part of an assignment.
It is not intended to be used for an attack on any kind of existing web site. It would be great if
someone could come up with a demo.
P455w0rd_Cr4kz's Avatar, Join Date: Jan 2007
Ambitious contributor
I won't provide an example; however, if you have a cookie grabber script, whoever visits that script leaves information such as IP address, browser used and of course your session cookies from the site you were on.
Now, let's say you're logged in to your Hotmail account, and I send you a masked link which will read like
http:/microsoft.support%897%Y%JJG%HUUU <-- all that gibberish is hiding the real URL of my malicious site. Now click on it, I got your cookies, and if you left your session open, I can use your cookies to log in to your account.
How? Simple: add-ons for the Firefox browser include a cookie editor, so I clean my own cookies, write yours and hit reload.
A good tutorial was written by fourthdimension, look for it.

Regards
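
Added example, not part of either poster's messages: the cookie grabbing described above depends on page script being able to read the session cookie, which the `HttpOnly` attribute prevents. This Python check audits `Set-Cookie` header values for the attributes that limit theft and reuse; the sample headers are constructed and the one-hour `SESSION_MAX_AGE` policy is an assumption.

```python
# Added example: audit Set-Cookie header values for attributes that limit
# cookie theft. All header values below are constructed samples.

SESSION_MAX_AGE = 3600  # assumed policy: session cookies persist at most 1 hour


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: page script can read it via document.cookie")
    if "secure" not in attrs:
        findings.append("no Secure: cookie is also sent over plain HTTP")
    if "domain" in attrs:
        findings.append("Domain=%s: cookie is also sent to subdomains" % attrs["domain"])
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > SESSION_MAX_AGE:
        findings.append("Max-Age=%s: persists in the browser beyond policy" % max_age)
    return name, findings


SAMPLE_HEADERS = [  # constructed
    "SESSIONID=3f9a1c; Path=/",
    "SESSIONID=3f9a1c; Path=/; HttpOnly; Secure; Max-Age=1800",
    "auth=eyJ0; Path=/; Secure; Domain=example.com; Max-Age=2592000",
]

if __name__ == "__main__":
    for sample in SAMPLE_HEADERS:
        cookie_name, problems = audit_cookie(sample)
        print(cookie_name, "OK" if not problems else problems)
```
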
ivan123's Avatar, Join Date: Jun 2009
Newbie Member
Hi P455w0rd_Cr4kz,

Thanks for replying to my post.
I can understand why you are not able to provide an example.
Anyway, I would like to check with you where to get hold of fourthdimension's tutorial?

Thanks
P455w0rd_Cr4kz's Avatar, Join Date: Jan 2007
Ambitious contributor
My pleasure, ivan123. Below are the links to fourthdimension's posts related to cookie stealing and its use for XSS (cross-site scripting).

Article 1
http://www.go4expert.com/showthread.php?t=17066

Article 2
http://www.go4expert.com/showthread.php?t=16641

There is plenty for you to learn throughout the forum; very knowledgeable people here.