hapster Posted April 9, 2009 Share Posted April 9, 2009 Hello. I've been playing around with wireshark and arpspoof for some time now and I've seen some packets with cookies in them however, these cookies don't seem to be in plain text. For example, a packet contained this cookie: userinfo=a%3A8%3A%7Bs%3A8%3A%22 ... and so on... Does this mean that the cookies are encrypted? Seems like hash to me.. Can I still make use of this information? Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted April 9, 2009 Share Posted April 9, 2009 That is very possible. Yahoo! and RapidShare 'try' to use some sort of encryption when handing out cookies, however both algos have been broken so you have tools to read them. It would help if you could tell us the site where that cookie is coming from. Quote Link to comment Share on other sites More sharing options...
digip Posted April 9, 2009 Share Posted April 9, 2009 Hello. I've been playing around with wireshark and arpspoof for some time now and I've seen some packets with cookies in them however, these cookies don't seem to be in plain text. For example, a packet contained this cookie: userinfo=a%3A8%3A%7Bs%3A8%3A%22 ... and so on... Does this mean that the cookies are encrypted? Seems like hash to me.. Can I still make use of this information? That is just URL encoded data. It says a:8:{s:8:" which is probably just control data it parses for values of specific user settings. Quote Link to comment Share on other sites More sharing options...
hapster Posted April 10, 2009 Author Share Posted April 10, 2009 That is very possible. Yahoo! and RapidShare 'try' to use some sort of encryption when handing out cookies, however both algos have been broken so you have tools to read them. It would help if you could tell us the site where that cookie is coming from. I see. It also seems all sites I try to visit and sniff packets from my own machine are encrypted. I can't even see html content in plain text. Does this mean the demos done here in this show such as the pineapple router are already rendered useless? Or is it just me and my machine's settings that causes me not to see html data from the packets that I sniff from my machine.XD ? Quote Link to comment Share on other sites More sharing options...
hapster Posted April 10, 2009 Author Share Posted April 10, 2009 My mistake... I see html now. Only it's in the line-based text data portion of a sniffed http packet. How does wireshark get this data? Quote Link to comment Share on other sites More sharing options...
digip Posted April 10, 2009 Share Posted April 10, 2009 Quote Link to comment Share on other sites More sharing options...
hapster Posted April 10, 2009 Author Share Posted April 10, 2009 nvm. lol. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.