Jump to content

Encrypted Cookies and Wireshark

hapster

By hapster
in Security

 Share

Recommended Posts

hapster Newbie

hapster

Posted
Posted

Hello. I've been playing around with wireshark and arpspoof for some time now and I've seen some packets with cookies in them however, these cookies don't seem to be in plain text.

For example, a packet contained this cookie:

userinfo=a%3A8%3A%7Bs%3A8%3A%22 ...

and so on...

Does this mean that the cookies are encrypted? Seems like hash to me.. Can I still make use of this information?

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted

That is very possible. Yahoo! and RapidShare 'try' to use some sort of encryption when handing out cookies, however both algos have been broken so you have tools to read them. It would help if you could tell us the site where that cookie is coming from.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
Hello. I've been playing around with wireshark and arpspoof for some time now and I've seen some packets with cookies in them however, these cookies don't seem to be in plain text.

For example, a packet contained this cookie:

userinfo=a%3A8%3A%7Bs%3A8%3A%22 ...

and so on...

Does this mean that the cookies are encrypted? Seems like hash to me.. Can I still make use of this information?

That is just URL encoded data. It says a:8:{s:8:" which is probably just control data it parses for values of specific user settings.

Link to comment
Share on other sites
hapster Newbie

hapster

Posted
  • Author
Posted
That is very possible. Yahoo! and RapidShare 'try' to use some sort of encryption when handing out cookies, however both algos have been broken so you have tools to read them. It would help if you could tell us the site where that cookie is coming from.

I see. It also seems all sites I try to visit and sniff packets from my own machine are encrypted. I can't even see html content in plain text. Does this mean the demos done here in this show such as the pineapple router are already rendered useless? Or is it just me and my machine's settings that causes me not to see html data from the packets that I sniff from my machine.XD ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...