Cookie Stealing

Thread: Cookie Stealing

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Cookie Stealing

    I'm testing out how cookie stealing works by copying my own cookies from IE (I use Mozilla, but IE is easy to test this with). Specifically, I'm taking the cookie that phpBB uses to store my password in, copying it to another machine, renaming it to match the Windows account I'm logged in under and seeing if it lets me authenticate to my own site. So far it does not, and I guess that's a good thing, but my question is why does the above method not work?

  2. #2
    AO bergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You need to export and import the cookies. Then it *should* work.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Oops, I think I made another mistake. I chose the wrong cookie, the one I have may not have the login information in it. Thanks for the pointer Phish.

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Dag Nab It.....think you're stealing a chocolate chip and get an oatmeal cookie instead.
    (sorry, just couldn't resist that......heh heh heh)
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  5. #5
    AO bergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Who took the cookies from the cookie jar?
    Moxnix took the cookies from the cookie jar.

    Moxnix: Who me?
    AO: Yes you.
    Moxnix: Couldn't be.
    AO: Then who?

    .......................

    Uh... time for bed. My brain is officially fried...

    12hrs in a classroom will do it.
    8hrs in an upgrading admin skills from 2k server to 2k3 server workshop and then another 4hrs doing boolean algebra. ouch...

  6. #6
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    If you two keep up the bad jokes I think I'm going to be sick and lose my cookies.

  7. #7
    AO bergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Hey now! Watch where you're tossing those cookies...

  8. #8
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Back to the subject: I did some playing around. What if all you have is a cookie file and can not get to the computer to do the export (as an attacker may not be able to do)? Is there a way if all they have is the cookie file?

  9. #9
    AO bergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I'm not all that good with web security yet. (I'm still learning)

    I believe that there are a couple of vulnerabilities in different web browsers that allowed an attacker to steal cookies. Google has come up with a couple of them.

    Or, I know that an attacker can sniff your cookies and then play them back to the server.

    Sorry, that's out of my scope. I've got a lot to learn about web security. I don't run webservers... so it's always been a low priority for me.

  10. #10
    That's XSS (cross site scripting) bro! Go check it out...

    AO was vulnerable to that a month or 3 ago... Like every CMS and forum software has been vulnerable to it at least once.
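
The theft routes raised in posts #9 and #10 (sniffing and replay, XSS) and the on-disk cookie file from posts #1 and #8 each correspond to a cookie attribute a site owner can check. The following Python audit of `Set-Cookie` headers is an added example, not part of the original thread; the cookie names and header values are constructed samples.

```python
# Added example (not from the thread): audit Set-Cookie headers for the
# attributes that blunt the cookie-theft routes the posters mention.
# Header values are constructed samples; cookie names are hypothetical.
SAMPLE_HEADERS = [
    "forum_sid=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Lax",
    "forum_data=a%3A2%3A%7B; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "forum_lang=en; Path=/; Secure",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: script injected via XSS can read it")
    if "secure" not in attrs:
        findings.append("no Secure: sent over plain HTTP, can be sniffed and replayed")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent: written to the browser's cookie store on disk")
    return name, findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "->", findings or "ok")
```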
