Cookie Injection With A Firefox WebBrowser
Now there are variety of plugins used to inject cookies in your browser, depending on which browser you are using, I would recommend you the use of firefox browser as it supports vast number of cookie injection plugins.Web Developer Toolbar
Webdeveloper toolbar is an addon for the firefox browser it makes the process of injecting cookies extremely easy. All you have to do is to install the webdeveloper toolbar, Click on the cookies drop down menu and click on the cookie you want to edit.
Once you have clicked on the edit cookie option, You will be brought to the following screen:
Next replace your cookie value with the victims cookie value.
Now if you have captured cookies using wireshark, then instead of using Webdeveloper toolbar, you can use Cookie injector to
inject session cookies directly in to your browser. All you need to do
is to press Alt+C after installing the cookie injector and then just
paste the wireshark cookie dump and press ok. After you have done so,
Just refresh your browser and you will be in victims account.
Note: In order to install Cookie injector script you would need to first install Greasmonkey plugin for firefox
CookieManger
is one of my most preferred choice for performing a Session hijacking
hijacking, Since it's very user friendly and extremely easy to use. You
can view CookieManager's usage guide here.
Cookie Injection With Google Chrome
If
you are too lazy to use firefox for cookie injection, then luckily
there are few extensions on google chrome used to inject cookies into
your browser and take control of the victims account. One of my favorite
cookie injecting extensions is Cookie editor by Philip, It sports a very unfriendly interface.
Drawbacks of Session Hijacking Attack:
With so many advantages of a session hijacking attack there are some drawbacks that you also need to know.
1. First of all cookie stealing becomes useless if victim is using a https:// protocol for browsing and end to end encryption is enabled.
2. Most of the cookies expire once the victims clicks on the logout button and hence the attacker also logs out of the account.
3. Lots of websites do not sport parallel logins which also makes cookie stealing useless.
Protection Against A Session Hijacking Attack
The best way to protect yourself against a session hijacking attack is to use https:// connection each
and every time you login to your Facebook, Gmail, Hotmail or any other
email account. As your cookies would be encrypted so even if an attacker
manages to capture your session cookies he won't be able to do any
thing with your cookies.
So
freinds, I hope you have enjoyed the Gmail Session hijacking and cookie
stealing series, Depending on readers response I might make a tutorial
on Facebook Session hijacking too. If you have any questions feel free
to ask.
Steps For Downloading This File
Step 1 : Share This Post by Using the Facebook and Googleplus Buttons given Below (Its an Important Step).
Step 2 : Then by clicking the Download Links given above, a adPage will appear just Skip it.
Step 3 : After that a survey page will appear which is Simple to Finish , and then you can download this File.
(Note-You Have to Complete these Following Steps To Download the File Otherwise Some Error May Occur During Downloading Process)
0 comments:
Post a Comment