1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Demonstrate the Danger of Cookie in Web Application

Discussion in 'Ethical hacking' started by ivan123, Jun 13, 2009.

  1. ivan123

    ivan123 New Member

    Joined:
    Jun 13, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hi,

    I would like to know how cookie can be a danger in web application.
    I did some research, and they mention cookie stealer, but i am not able to
    piece everything up into a picture. For an example: what kind of language will
    be affected, what are the tools to use for the stealing, etc. :nonod:

    Anyone has a good and simple demo? By the way this is part of an assignment.
    Not intend to be used for attack on any kind of existing web site. It will be great if
    someone can come out a demo. :nice:
     
  2. P455w0rd_Cr4kz

    P455w0rd_Cr4kz New Member

    Joined:
    Jan 12, 2007
    Messages:
    199
    Likes Received:
    12
    Trophy Points:
    0
    Location:
    H3LL
    Home Page:
    I won't provide an example,however if you have a cookie grabber script,whoever visits that script,leave information such as ip adress,browser used and of course your session cookies from the site you were.
    Now,let's say you're logged in your hotmail account,and i send you a masked link wich will read like
    http:/microsoft.support%897%Y%JJG%HUUU <--all that jibberish is hiding the real url of my malicious site. Now click on it,i got your cookies and if you left your session open,i can use your cookies to login into your account.
    HOW? simple,addons for firefo browser has a cookie editor,so i clean my own cookies,write yours and hit reload.
    Good tutorial was written by fourthdmension,lok for it.

    Regards
     
  3. ivan123

    ivan123 New Member

    Joined:
    Jun 13, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hi P455w0rd_Cr4kz,

    Thanks for replying my post.:nice:
    I can understand why you are not able to provide an example.
    Anyway, would like to check with you where to got hold of fourthdmension's tutorial?:thinking:

    Thanks :D
     
  4. P455w0rd_Cr4kz

    P455w0rd_Cr4kz New Member

    Joined:
    Jan 12, 2007
    Messages:
    199
    Likes Received:
    12
    Trophy Points:
    0
    Location:
    H3LL
    Home Page:

Share This Page