How to exploit a victim's cookie?

On the web, we often come across articles explaining how to retrieve cookies from a victim with sniffing tools or exploitation of XSS flaws. By cons, we never find the way to use the cookie.

In general, the cookie is a small text file, which is stored by a website on your hard drive. This storage is done by your browser. This is used by the web site you visit to recognize you. So when several days after your visit, you return to the same site, it will ask your cookie, and if it is still present on your hard disk, the website will read the information in the cookie and jump you to your session without authentication.

The goal of the hacker, so is usually to steal the cookie of the victim to use the content.

In this article we will see how to operate and use the cookie. Assuming that you have already retrieved the cookie of a target using a sniffer or with an attack by the environment or may be by going directly to the computer of a relative.

I have the cookie of the victim but how to exploit it?

For this you will need the following tools:

Greasemonkey
Greasemonkey is a Firefox addon that allows to use in JavaScript scripts on different web pages.
* cookie injector
Cookies Injector is a script that allows to inject the cookie string in any Web page.

Example of use

After installing both tools, we will retrieve the cookie from Facebook on a Chrome browser and inject the Firefox browser (it's still the same principle to the use of cookies on other websites).

To do this, follow the steps below:

1. Open your Chrome browser and start www.facebook.com, enter the login and password
2. Then type in the address bar the following code: "javascript: document.cookie" to retrieve the cookie facebook account
3. Copy the displayed cookie.



4. Now open Facebook in Firefox browser
5. Type the following keys: ALT + C
6. Paste the cookie in the text field


7. Finally relaunch Facebook so you can access your session on the Firefox browser without validating any ID or password.

To access the session of a target, just change your cookie in the cookie of the victim. :)

Remember that the best support for this blog is to like and share our articles! 😉
Previous
Next Post »