Go4Expert

ivan123 14Jun2009 01:45

Demonstrate the Danger of Cookie in Web Application
 
Hi,

I would like to know how a cookie can be a danger in a web application.
I did some research, and they mention cookie stealers, but I am not able to
piece everything together into a picture. For example: what kind of language will
be affected, what are the tools to use for the stealing, etc. :nonod:

Does anyone have a good and simple demo? By the way, this is part of an assignment.
It is not intended to be used for an attack on any kind of existing web site. It would be great if
someone could come up with a demo. :nice:

P455w0rd_Cr4kz 14Jun2009 22:49

Re: Demonstrate the Danger of Cookie in Web Application
 
I won't provide an example; however, if you have a cookie grabber script, whoever visits that script leaves information such as IP address, browser used and, of course, your session cookies from the site you were on.
Now, let's say you're logged in to your Hotmail account, and I send you a masked link which will read like
http:/microsoft.support%897%Y%JJG%HUUU <-- all that gibberish is hiding the real URL of my malicious site. Now click on it, I got your cookies, and if you left your session open, I can use your cookies to log in to your account.
How? Simple: add-ons for the Firefox browser include a cookie editor, so I clean my own cookies, write yours and hit reload.
A good tutorial was written by fourthdimension; look for it.

Regards
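
From the defender's side, the replay described in the post above only works while the session cookie is readable by script and still valid. The following is an added example, not part of the original thread, that audits `Set-Cookie` headers for those properties; the function names, the 8-hour limit and the sample headers are assumptions made for illustration.

```python
MAX_AGE_LIMIT = 8 * 3600  # assumed policy: session cookies live at most 8 hours


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, attributes dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookie(header):
    """Return the list of weaknesses found in one Set-Cookie header."""
    _name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing-httponly")  # page script can read it via document.cookie
    if "secure" not in attrs:
        findings.append("missing-secure")    # cookie is also sent over plain HTTP
    max_age = attrs.get("max-age", "")
    # Only Max-Age is evaluated here; an Expires date is not parsed.
    if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
        findings.append("long-lived")        # a copied value stays usable for a long time
    return findings


# Constructed sample headers, not captured from any real site.
SAMPLES = [
    "sid=abc123; Path=/",
    "sid=abc123; Path=/; HttpOnly; Max-Age=2592000",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit_cookie(header) or "ok")
```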

ivan123 17Jun2009 23:31

Re: Demonstrate the Danger of Cookie in Web Application
 
Hi P455w0rd_Cr4kz,

Thanks for replying to my post. :nice:
I can understand why you are not able to provide an example.
Anyway, I would like to check with you where to get hold of fourthdimension's tutorial? :thinking:

Thanks :D

P455w0rd_Cr4kz 18Jun2009 03:16

Re: Demonstrate the Danger of Cookie in Web Application
 
My pleasure, Ivan 123. Below are the links to fourthdimension's posts related to cookie stealing and its uses for XSS (cross-site scripting).

Article 1
http://www.go4expert.com/showthread.php?t=17066

Article 2
http://www.go4expert.com/showthread.php?t=16641

There is plenty for you to learn throughout the forum; very knowledgeable people here.


All times are GMT +5.5.