Jump to content

Cookie Jacking


newbi3
 Share

Recommended Posts

I've been working on this program I call Mmrgh for about 5 months now and after this weeks episode of Hak.5 when they were talking about stealing cookies I decided to automate the process in my program. I was really surprised how easy it was to do! Chrome hasn't even attempted to put security on theirs and it looks like Firefox tried to but it was really easy to get around. Anyways here's a video of my work if you want to see it.

https://www.youtube....eature=youtu.be

And you guys can go ahead and add me on Facebook if you saw my name :P

Link to comment
Share on other sites

It'd be hard to secure cookies. Even if it could encrypt the cookie and decrypt it at run time, then the attacker would look for the encryption key or info leading to the encryption key instead.

Was that a custom protocol? Be interesting to hear how it was done in java (assuming it's in java since I saw the ide in your video).

Link to comment
Share on other sites

Looks like a RAT that just copied back the cookies from the victim pc to the attacker's PC, but I could be wrong. When I saw the topic, I was thinking more of a new sidejacking tool or such, like Hamster and Ferret or that one POC tool someone made for FF as an addon. This just looks like straight up RAT tool though, so if you have access to the users environment, I'm going to assume you can copy off any files, cookies probably not even needed since you could probably just keylog their passwords from any sites they visit anyway. What kind of detection rate does the tool get on things like Virus Total though? Have you tested this with any of Anti-Virus software out there? Whats the process of getting the java attack files on the victim's PC, and for me, since I don't run Java at all, what do you do then?

Link to comment
Share on other sites

Looks like a RAT that just copied back the cookies from the victim pc to the attacker's PC, but I could be wrong. When I saw the topic, I was thinking more of a new sidejacking tool or such, like Hamster and Ferret or that one POC tool someone made for FF as an addon. This just looks like straight up RAT tool though, so if you have access to the users environment, I'm going to assume you can copy off any files, cookies probably not even needed since you could probably just keylog their passwords from any sites they visit anyway. What kind of detection rate does the tool get on things like Virus Total though? Have you tested this with any of Anti-Virus software out there? Whats the process of getting the java attack files on the victim's PC, and for me, since I don't run Java at all, what do you do then?

Yeah it is a RAT and I do have support to upload any file from the victim but I thought since I want to get in and out quickly I would go ahead and make it automatically grab it for me. As far as Anti Virus is concerned I have yet to get detect by anything, I have done multiple tests with Malware Antibytes, and I have tested it with Avira and AVG. Not only that but one of my more tech savy zombies thought they had a virus (because I popped up a message that said they were over heating when they weren't) so they ran kaspersky and it didn't detect it. I think traditional black listing AV's don't pay much attention java or I just haven't done anything to set it off yet. At the moment I have been keeping my attack spectrum very narrow incase something goes wrong I don't lose a whole bunch of zombies. But the attack is very simple, I just go around to open or WEP encrypted networks, get access, fire up ettercap and apache and I spoof websites to look like their browsers error page when it can't connect and preform a Java Rhino attack from that which downloads and executes Mmrgh then the user will usually disconnect from the network and reconnect (so I don't have to flush their cache my self) and once they reconnect I have access to that machine.

Edited by newbi3
Link to comment
Share on other sites

  • 1 year later...
  • 5 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...