Hacking cookies

 If you find some kind of custom cookie containing sensitive data (sessionID, username, emails...) you should definitely try to exploit it.

Decoding the cookie:-

If the cookie is using some Base encoding (like Base64) or similar you may be able to decode it, change the content and impersonate arbitrary users.

Session Hijacking:-

Steal a cookie and use it to impersonate the user inside an application.

Session fixation:-

The attacker get a cookie from a web page and send to the victim a link so the victim logins using the cookie of the attacker. If the cookie is not changed when a user logs in, this could be useful because the attacker could be able to impersonate the user using the cookie.

Comments

Post a Comment

Popular posts from this blog

How to decrypt message with CryptoJS AES

  Javascript code to decrypt message using crypto js : - data = " IYkyGxYaNgHpnZWgwILMalVFmLWFgTCHCZL9263NOcfSo5lBjAzOZAtF5bF++R0Bi+9c9E+p3VEr/xvj4oABtRWVJ2wlWzLbYC2rKFk5iapFhb7uZCUpO4w4Su3a5QFa2vInjYueziRoqySZd/DpstMJ8rsJ94VGizFFFZ1l0sw1ax+wfBA v5+wHs/hlnHi/ea66KBO3rgXKahvV28h+4bh5etc8RCrmiiNbfg6Oj0jQJDjdYIdW8T9YPOI9E1hih8lbfRnMWcOFJgYekfLpoy5LI525UGnlM46J1k6ekLqsn9FqvbiOOoLgqa4YqBm1i9P0ePyjkME+t+RiL8xXX+ItgOYr9G7kM64wlTJPCW8B/crmUdmGzQNC/hD/u/8wfHBS2f8u6OtQMG/+Kpk1oju8lcUZGI/4S8A6/OuktvQr2zgnbs2aADMrM37Oait/pJ3G73S7NwVT8EaK+X43c0C/fUvW2/bD/rqCNpAh9WQlz4Cj6JHwjbmwuind6aCimF1tHjXuR9FXu+g17sPT4ZkKZ6aeBG+m170XdCGn2hVM0wH1rh3VeCG2u/JFqfuGKGSoqeHeNY/icu9pEhtZDzHd7aPoaMXcWvXC9PjooBf7GM1EPacSdnon1kBobjtKSt1l15DjO5TMrJoX7VO7GotQwo+uI/u5Kop01hBXxyxyggl1/8N0ESohPJoqLDrIwvbGK5kW4B49FVPnx9CMvjZDdSsoxPAh+hx6SPe8Hj0Nx4bRs06cbtOkte/V8QSYIqjiJDleEqPrdiKlvgToZz9L29ZR/3Ln65qU1sq7q9c0SEYxIopV7TdTjFS7y76zDPFZkhzc3DjfLtJo/M1hdtt648APcZdmAIgWH6fh3eJZ0qbiPh8RStYH7I2COmnlMw4+t/B5mlhYVSgwPK2Ir736Mh+P9Bw...
Read more

libcurl (curl-impersonate) bindings for Node.js

  Description  :-   libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos), file transfer resume, http proxy tunneling and more! Note:- This library cannot be used in a browser, it depends on native code. Installation :- npm i node-libcurl --save Or yarn add node-libcurl Further description :- https://github.com/SwapnilSoni1999/node-libcurl-impersonate
Read more

How to take screenshot on windows

  The Windows key + Print Screen:- To take a screenshot on Windows 10 and automatically save the file, press  the Windows key + PrtScn . Your screen will go dim and a screenshot of your entire screen will save to the Screenshots folder. Alt+Print Screen:- To capture only the active window you're working in, press Alt + PrtScn. Using Snipping Tool:- just press the Windows Key + Shift + S.
Read more