Donate to us via Paypal!
Imagination is more valuable than knowledge - Albert Einstein
Sunday, October 25, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 108
Guests Online: 108
Members Online: 0

Registered Members: 129356
Newest Member: zannes90
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 16:11
Thanks to system meltdown iv set up my cookie logger script, once i have someones cookies what do i do with them, i was thinking maybe..

javascript:void(document.cookie="cookies goes in here"Wink

but i ddint have much luck, maybe its me and i got it wrong or maybe its not that at all.

if you think this is a stuipid/obvious question sorry lol, but w all have to learn it somewhere...


Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 16:15
you're asking how to steal some1's identity you moron. :angry:

let's boost your warn level some more :happy:




Edited by on 12-01-07 16:15
Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 16:16
wtf are you on abuot? im asking how to use a cookie...


Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 16:23
Ignore him.

Well it depends whether you got static or dynamic cookies so to speak.

Whether they are a session ID in which they would expire and you could only hi-jack their account for a short space of time or whether the cookie (Like PHPBB forums) store the username and password, in which case, you just decrypt and log in.

There are lots of tutorials about it.

How stuff work etc

Learn about cookies and you will see how you can manipulate them.

Hope that helped =\


Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 16:33
thanks flash, helped ALOT ... it didnt have a sessionid so i dont think it was a session one.Frown

if it was a session id, how would i use it?




Edited by on 12-01-07 17:08
Author

RE: XSS cookie logger

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 12-01-07 17:31
A session ID is only valid for a limited amount of time, and if you have a copy of a valid session cookie and enter the site, you'll be logged in as that user. However, if the user logs out or the session expires, you won't be able to use the same session again.


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 19:16
ok but what if i had the cookie on a html file on a webpage


Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-01-07 20:27
@the_flash's response. one thing to add to that is you don't always have to decrypt the password hash in the cookie to login. simply login with your username on the site, then change your cookies to theirs. then there is no problems about cracking the hash.


Author

RE: XSS cookie logger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-01-07 09:50
easy as that, use firefox plugins anec cookie edit