Monday, April 8, 2013

Cookie Stealing - the easy way. Explained



This method is about cookie stealing, but NOT with WireShark :)

So... this method, via LAN sniffing, helped me a lot to understand how this works.

Let's see: the most interesting Facebook accounts we want to hack are mostly far from us. It's very rare that your ex-girlfriend or your boss is browsing Facebook without HTTPS on your WLAN :)

I don't know if it's a vulnerability or not, but Firefox and Chrome have a serious problem with cookies!
Maybe IExplorer too, but nobody is using IExplorer nowadays.

The "problem" is that they store our cookies in ONE SINGLE FILE!
If you replace this file, they won't check its size or date.

So, if you could somehow steal cookie files from others, you can access all of the websites they're logged in to: Facebook, Gmail, YouTube, etc.

Chrome Cookie file:
C:\Users\[username]\AppData\Local\Google\Chrome\User Data\Default\Cookies

Cookies is the filename; it has no extension, so it looks like a directory here, but it's a file.

Firefox Cookie file:
C:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\[random string].default\cookies.sqlite

It's a little bit tricky, because of the random string in the path, but if you're looking for it manually it causes no problems.

You must copy these files and replace your own cookie files with the stolen ones, then you're logged in :)
It is not just a logical idea but a tested one.
 
But!!!!
If you LOG OUT FROM THE STOLEN FACEBOOK, you can never log in again with the same cookie!
You must steal again, if the victim has logged in!
You should copy your original cookie file and make a backup, and when you've finished browsing, just replace the stolen file with the original, so you're in your Facebook again, without logging out.

It's also important to close the browser before replacing the cookie files!
Happy Stealing!!!

Countermeasures
  • Never allow anybody to access your C drive or the drive where the browser is installed.
  • Make a habit of locking your user account whenever you step away.
  • Never tick the checkbox on any website to remember the username and password.
  • Always sign out from the accounts.
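
A detection-side complement to the countermeasures above, added here as an example that is not part of the original post: it flags file-access records where one of the two cookie stores named in the post is touched by a process other than the browser that owns it. The record format, field names and sample events are constructed assumptions; map them from whatever file-access auditing you actually collect.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Cookie-store locations from the post. [username] and the Firefox profile's
# random string differ per machine, so each is matched as one path component.
COOKIE_STORES = {
    "chrome.exe": re.compile(
        r"^C:\\Users\\[^\\]+\\AppData\\Local\\Google\\Chrome"
        r"\\User Data\\Default\\Cookies$", re.I),
    "firefox.exe": re.compile(
        r"^C:\\Users\\[^\\]+\\AppData\\Roaming\\Mozilla\\Firefox"
        r"\\Profiles\\[^\\]+\.default\\cookies\.sqlite$", re.I),
}

def suspicious_accesses(events):
    """Return events where a cookie store is touched by a process other than
    the browser that owns it (assumed here to be the only legitimate user).
    Only the image file name is compared; a real deployment should also
    check the full image path and its signature."""
    hits = []
    for ev in events:
        proc = basename(ev["process"]).lower()
        for owner, store in COOKIE_STORES.items():
            if store.match(ev["path"]) and proc != owner:
                hits.append(ev)
    return hits

# Constructed sample records; the field names are hypothetical, not a real
# audit-log schema.
_CHROME = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"
_FIREFOX = (r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox"
            r"\Profiles\ab12cd34.default\cookies.sqlite")
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "op": "write", "path": _CHROME},                      # browser itself
    {"process": r"C:\Windows\explorer.exe",
     "op": "read", "path": _CHROME},                       # store copied out
    {"process": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "op": "write", "path": _FIREFOX},                     # browser itself
    {"process": r"C:\Windows\System32\cmd.exe",
     "op": "write", "path": _FIREFOX},                     # store replaced
    {"process": r"C:\Windows\System32\notepad.exe",
     "op": "read", "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for ev in suspicious_accesses(SAMPLE_EVENTS):
        print(f'{ev["op"]:5} {basename(ev["process"])} -> {ev["path"]}')
```

Backup and sync tools that legitimately read the profile directory will also trigger this rule, so expect to maintain an allow-list for them.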

1 comment:

Anonymous said...

R cookies the ones that ask u try again w/the funky words backwards and crackled? If so can they c who went there even without opening it or trying the words?