Hi, I would like to know how cookie can be a danger in web application. I did some research, and they mention cookie stealer, but i am not able to piece everything up into a picture. For an example: what kind of language will be affected, what are the tools to use for the stealing, etc. :nonod: Anyone has a good and simple demo? By the way this is part of an assignment. Not intend to be used for attack on any kind of existing web site. It will be great if someone can come out a demo. :nice:
I won't provide an example,however if you have a cookie grabber script,whoever visits that script,leave information such as ip adress,browser used and of course your session cookies from the site you were. Now,let's say you're logged in your hotmail account,and i send you a masked link wich will read like http:/microsoft.support%897%Y%JJG%HUUU <--all that jibberish is hiding the real url of my malicious site. Now click on it,i got your cookies and if you left your session open,i can use your cookies to login into your account. HOW? simple,addons for firefo browser has a cookie editor,so i clean my own cookies,write yours and hit reload. Good tutorial was written by fourthdmension,lok for it. Regards
Hi P455w0rd_Cr4kz, Thanks for replying my post.:nice: I can understand why you are not able to provide an example. Anyway, would like to check with you where to got hold of fourthdmension's tutorial?:thinking: Thanks
My pleasure Ivan 123, below are the links of fourthdimension posts related to Cookies stealing and it uses for XSS (cross site scripting) Article 1 http://www.go4expert.com/showthread.php?t=17066 Article 2 http://www.go4expert.com/showthread.php?t=16641 There is plenty for you to learn thru out the forum,very knowledgeable people here.