Jump to content

Favorite cookie stealing and session hijacking method


kerpap
 Share

Recommended Posts

I am interested in what some of you use during your pen-tests to hijack sessions and steal cookies.

this is a subject that I am a bit of a novice at.

What I like to do is filter traffic in wireshark using the http.cookie option and using firecookie to edit the session.

I have found this to not work all the time. as I said, I am also a beginner at session hijacking attacks and mitigation.

are there better options? what is your favorite session hijacking platform/methods?

Link to comment
Share on other sites

hamster and ferret work a treat, but even just wireshark, copy and paste the cookie into a text editor, and then manually injecting via the site and address bar, which you can do like so:


javascript:alert(document.cookie);
See what cookies are stored for the site you are on. Want to add one(or many):


javascript:document.cookie="foo=bar;poop=12345;";
Then you cna check your browser for the cookies on that domain, or, dump them all again to see if your browser returned the ones you manually added:


javascript:document.write(document.cookie);
Semicolons separate cookies, so after each one, is a new cookie name and its value(s).

This is very crude but a basic example of reading your own, and then adding cookies on the site you're currently on if you have captured cookies to manually inject. There are tools that automate a lot of this already though, so read up on them and see whats out there. Almost all tools to capture and sniff cookies, are going to require a mitm of the tartget machine in most cases unless they are just floating on a network thats broadcasting to everyone, which these days, no one's using hubs, so don't count on seeing free flying cookies unless unsecure wifi and even then, a MITM would better achieve capture of not just cookies, but with the right tools, get you the logins so you don't even need the session cookies to login, some of which capture email and ftp credentials, so there is a whole other side to this than just cookies.

Edited by digip
Link to comment
Share on other sites

  • 1 month later...

Subterfuge has a good session hijack module and allows your to reduce the victims session from https to http.

You can do it manually, by creating a MITM attack using Arpspoof, SSL Strip, Wireshark and Firefox addons Grease Monkey and Injection script for injecting the session cookie.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...