Web Security Session Cookie Hijacking

View previous topic View next topic Go down

Web Security Session Cookie Hijacking

Post by jamied_uk on 18th November 2015, 18:32

Session hijacking attack

https://www.owasp.org/index.php/Session_hijacking_attack



Hijacking With Python
http://hackwhiz.com/2015/01/facebook-cookie-stealing-and-session-hijacking/
https://github.com/pyinstaller/pyinstaller/wiki

Download Cookies Manager+ addon for firefox

Here is the path to firefox’s cookie folder:

C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\\cookies.sqlite

Now, what the malware does:

1. Finds the path to the cookie database and kills the firefox process.

2. Opens the sqlite database file and steal the cookie values from there.

3. Removes all the facebook cookies from the DB. [The main part]

4. Sends the cookie data to the attacker.


Python Code
https://github.com/pyinstaller/pyinstaller/wiki

pip install pyinstaller #  supports Python 2.7, 3.4—3.5



https://security.stackexchange.com/questions/2087/how-to-hijack-a-session
http://www.rafayhackingarticles.net/2011/07/facebook-cookie-stealing-and-session.html

Step 1 - First of all download wireshark from the official website and install it.

Step 2 - Next open up wireshark click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.

Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.

Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

Step 10 - Now refresh your page and viola you are logged in to the victims facebook account.


in wireshark use filter as below and look for packets with get requests

http.cookie

Further Learning!

https://youtu.be/P_u3g95bzIE
https://youtu.be/Qg56tTJ3VGE
https://youtu.be/5fIxbNg03ao
https://www.owasp.org/index.php/Man-in-the-middle_attack
https://www.owasp.org/index.php/Man-in-the-browser_attack
http://resources.infosecinstitute.com/session-hijacking-cheat-sheet
http://packetcode.com/article/preventing-session-hijacking-in-php
https://youtu.be/sY0mUxokQ0c
https://www.youtube.com/watch?v=qJi-jyi6948
https://www.youtube.com/watch?v=O90lSMmTjjo
https://www.youtube.com/watch?v=2GH6RRozOpY
https://youtu.be/2ctRfWnisSk

Keep Up To Date

https://www.google.co.uk/search?q=SESSIOn+hijacking+in+1+code&ie=utf-8&oe=utf-8&gws_rd=cr&ei=ZrpMVrWHE4ONPZXPg6gI
avatar
jamied_uk
Admin

Posts : 2260
Join date : 2010-05-09
Age : 34
Location : UK

http://address-shortner.co.uk

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum