H@CK T@LK 4 N00BS - S!DEJACK!NG


Today I am going to talk to you about web cookie stealing, and how you can steal cookies on a LAN or WiFi network using a technique called sidejacking.


When you log in to any website by submitting your username and password, the server first checks whether an account matching this information exists and, if so, replies with an “authentication cookie”. Your browser stores this cookie and sends it with all subsequent requests to keep you logged in.

What is Sidejacking?

Sidejacking (also known as session hijacking) is when an attacker gets hold of a user’s cookie, allowing them to do anything the user can do on a particular website. In other words, the attacker can use your cookie to impersonate your account and do everything you can do when logged in to that website.

It is very common for websites to encrypt the login process, which should protect your account.

BUT it is very uncommon for websites to encrypt everything else after you log in (e.g. cookies). This makes the cookie and the user vulnerable. On open wireless networks like WiFi, cookies are basically shouted through the air, making this type of attack extremely easy, yet very popular websites continue to fail at protecting their users.
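From the defending side, the gap described above comes down to whether the session cookie carries the `Secure` attribute and whether the site forces HTTPS with an HSTS header. The Python check below is an added example, not part of the original post; the function names and the sample headers are constructed for illustration.

```python
import re

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lowercase attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def hsts_max_age(hsts_header):
    """Return max-age seconds from a Strict-Transport-Security value, or 0."""
    if not hsts_header:
        return 0
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts_header, re.IGNORECASE)
    return int(m.group(1)) if m else 0

def audit_response(set_cookie_headers, hsts_header=None):
    """List reasons a response's cookies could cross the network in cleartext."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Without Secure, the browser attaches the cookie to plain-HTTP requests.
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, sent on plain-HTTP requests too")
    # Without HSTS (or with max-age=0), the browser may still try plain HTTP.
    if hsts_max_age(hsts_header) == 0:
        findings.append("no effective HSTS: browser may still make plain-HTTP requests")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = ["sessionid=abc123; Path=/; HttpOnly"]
HARDENED = ["sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"]

if __name__ == "__main__":
    samples = (("weak", WEAK, None),
               ("hardened", HARDENED, "max-age=31536000; includeSubDomains"))
    for label, cookies, hsts in samples:
        print(label, audit_response(cookies, hsts) or "ok")
```

A site that passes both checks sends the session cookie only over TLS, so a passive listener on the same WiFi network sees ciphertext instead of the cookie.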

There are two major steps to the sidejacking attack.

The first step is capturing packets.
There are many, many tools available to sniff packets. I am not going to get into details, but a common tool, especially among beginners, is Wireshark.


The second step is using the captured cookies.
Once you have the cookie information, the next task is to use it to get access to the victim's user account. Using a sniffed cookie, you can actually log in to the victim's account without even knowing his/her password.
To do this you will need a browser plugin that can manage and edit cookies.
For the Firefox browser, you can use Cookie Manager or Edit Cookies to do this task.
Chrome users can check out Edit This Cookie or Cookie Manager.

I won't give a full tutorial or explain the steps in detail. The best way to master something is to do your own research and try it on your own. If someone always does something for you, are you ever really learning?