WARNING/DISCLAIMER

The Author/Blogger shall hold no liability for special, incidental, or consequential damages arising out of or resulting from the use/misuse of the information in this Blog. It is strictly mentioned that these are all for learning and awareness purpose. Most of the articles are collected from various sources and many of them are blogger's own which meant for helping people who are interested in security system or beginners help for security systems and various IT purposes. Some of the articles are solely intended for IT Professionals and systems administrators with experience servicing computer. It is not intended for home users, hackers, or computer thieves attempting to crack PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, software and please use this information responsibly. Binod Narayan Sethi is not responsible for the use or misuse of these material, including loss of data, damage to hardware or personal injury. Information can help you to catch hackers and crackers and other cyber criminals. Information can help you to detect and manipulate the evil motives of these anti social intellectual peoples. Good use of the information protect you from evils and misuse of the information make you evil/criminal. Author of this site will not be responsible for use of material for any illicit mean or illicit act done by anybody in any means.

Binod Narayan Sethi

Binod Narayan Sethi
Programming,Web Development & Graphic Designing are my Hobbies.

Sunday, July 17, 2011

Yahoo Cookie,Gmail Cookie,...Facebook Cookie Stealing And Session Hijacking Introduction

What are cookies and how are they used by websites and web admins?

Cookies is a piece of code which identify you to the site. They store settings about your customized look and feel for the pages you view, your username and encrypted password or user id, who referred you to the site, profile preferences, and just about any kind of information the admins want them to store to customize your user experience. Cookies are most commonly used to give you access to login protected pages once you've entered your information, identify you in content that you change on the site (forum posts or article comments, for example), tell the administrators how you found the site, and more. Again, cookies will function as their creators have written them to function.

In other words when ever you login to a website such as Facebook, Gmail, Orkut etc your browser assigns you a cookie which basically tells the browser that for how long the user should be logged it.

What are session cookies or session IDs or session token?

Whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just visit yahoo.com and Type in browser

Code:
javascript:alert(document.cookie);

You would get a pop up box showing you the cookies left by yahoo on our PC.

Now login to your account and do same thing, you would see some more elements added to the cookies. These represent sessions ids.

So it means sessions are stored in our browser in form of cookies.

An attacker can steal that session by convincing slave to run a piece of code in browser. Attacker can use that stolen session to login into slave's account without providing any username/password. This attack is very uncommon because when the slave clicks 'Sign out', session gets destroyed and attacker too also gets signed out.

Note : But in case of yahoo, it’s not the same. The attacker doesn’t get signed out when slave clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions again for next 24 hrs. This means, once the yahoo account session is stolen, attacker can access the account for life time by refreshing window in every 24hrs.
What is a Session Hijacking Attack?

A session hijacking attack is basically an act of capturing session cookies and injecting it into your own browser to gain acess to victims account.

What is a Cookie Stealer?

A cookie stealer is basically a script used to steal victims authentication cookies, Now for a cookie stealing process to work the website or the webpage should be vulnerable to an XSS attack, This is the most common and widely known misconception among newbies.

How the stealing process work?

1. The attacker creates a PHP script and uploades it to a webhosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookieinjector or a cookie editor, There are lots of firefox addons, google chrome extensions to do the work for you.

Eg: Cookie manager v1.5.1

You can also use the webdeveloper toolbar to do the work for you.

5. The attacker replaces his own cookies with the victims cookies as a result of which the victims session is hijacking.

So now that you understand the theory and applications of cookies, you're probably wondering how you can edit them on your own. There are many ways to use or change our browser cookies, such as javascript injections, dozens of firefox addons, etc. My favorite way is by using a firefox addon called Firecookie, which is actually an extension to another firefox addon, firebug. You can download them from mozilla's official addon site (firebug must be installed first):

Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843
Firecookie: https://addons.mozilla.org/en-US/firefox/addon/6683

Will this hack always work?

Well this trick won't work on all Yahoo,Gmail,...accounts and as Yahoo/Gmail now offers End to End https:// encryption, Which encrypts the session token so even if we could get our hands on the GX cookie it's useless, but if a user has turned off the End to End https:// encryption in gmail,yahoo.. it can work for sure.

How to use Hotfile Cookies for downloading as Premium

1) Sign up a new Free account on the http://hotfile.com site that you want to use premium cookie.

2) Install "Cookie Editor" addon ( https://addons.mozilla.org/en-US/firefox/addon/13793/ ) then restart your Firefox browser.

3) Sign in with your signed account.

4) From the Firefox menu, click to Tools then select Cookie Editor.

5) Double click to "Hotfile" site with "auth" value ( only signing into free account you will able to see under line in picture darked hotfile.com auth ) .


6) Paste this value to "Content" and click to Save button.


7) Copy/Paste the link to the browser that you want to download.

So friends, I hope you all liked it...Enjoy .....

Binod Narayan Sethi

Binod Narayan Sethi
Binod Narayan Sethi

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More