-1

As part of an exercise, I need to sniff cookies from a login page and inject them in the same login page. If the cookie injection is successful the user must be login without entering the user name and password.

I sniffed the cookies. I found three key:value pairs as follows:

FN_cookie_accept-20180525=true
PHPSESSID=xxx
glt_3_xll2BxR_xxx=xxx

I downloaded Firefox code injector extension from here. Then I added this script: // Type your JavaScript code here.

document.cookie = "FN_cookie_accept-20180525=true"
document.cookie = PHPSESSID=xxx
document.cookie = glt_3_xll2BxR_xxx=xxx

And in the text field current host, I entered the domain name of the websites where I want the cookies to be injected, e.g. xyz.com (without the www).

Then I refreshed the page. Nothing changed. I did not get logged in.

I made a second attempt by entering the same code but from the browser console when I opened the targeted page and I refreshed the page after that.

Can you please help me with a clear method for injecting sniffed cookies?

user9371654
  • 469
  • 1
  • 6
  • 15
  • 2
    *"Then I refreshed the page. Nothing changed. I did not get logged in."* - please check in the developer tools if the cookies are included in the request or not. – Steffen Ullrich Apr 29 '19 at 14:54
  • The first line says: `Request to access cookie or storage on “http://cdn.gigya.com/JS/socialize.js?apikey=3_xxx” was blocked because it came from a tracker and content blocking is enabled.`. Is there any workaround? – user9371654 Apr 29 '19 at 15:20
  • I doubt that this is relevant. Please have a look at the request send to the server where the specific cookie you've added should be send. And note that the information in your post are not sufficient to reproduce exactly what you are doing and to find your problem. Thus it is not unlikely that you are doing something wrong but nobody realizes it since you don't provide full details. If you expect others to help you with clear and easy to follow steps please show what you are doing in as much detail as possible, i.e. reproducible target, step you do, result you see, next step ... – Steffen Ullrich Apr 29 '19 at 15:42
  • `Please have a look at the request send to the server where the specific cookie you've added should be send.` Can you please clarify how can I identify this request in particular? I am in tab "Console" and there many lines when click "refresh" after I added the script to set the cookies. – user9371654 Apr 29 '19 at 16:23
  • 1
    Sorry, but this is not the place for an introduction into how to use the browsers developer tools to watch network traffic. See for example [here](https://www.mkyong.com/computer-tips/how-to-view-http-headers-in-google-chrome/) for a hint. As for figuring out which request to look at - know which domain you've set the cookie at and the look at requests for this domain. And you've already looked at such requests in wireshark so look for similar ones in the browser. – Steffen Ullrich Apr 29 '19 at 16:27

2 Answers2

0

The reason why Javascript isn't working is because you are injecting the cookies after the page is loaded, meaning it can't possibly know that you already have them upon first request which returns data for the website.

The simplest way is just by using a Browser cookie editor. For Chrome it's EditThisCookie. Just put in your cookies in the target domain and off you go.

https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=lv

Raimonds Liepiņš
  • 994
  • 5
  • 9
-1

What you're attempting to perform is Session Hijacking (that may help your own Google searching). Though it's an exercise, you've managed to obtain the session cookies from a valid session and want to establish it elsewhere.

Inserting the session cookies into a completely different browser request can be tricky so viewing the actual request/response is a must. With just a bit of Google searching the following shows how to use the Firefox browser developer tools in this capacity. There's far too much information to post here so instead here are the links:

  1. https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor
  2. https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor/request_details

Now that viewing the HTTP request/response is possible, you can be certain if the cookies are actually being sent and how the server is responding. If they're not being sent, consider a different utility/plugin to modify the HTTP request headers. Perhaps a different browser altogether such as Chrome as it may have a better utility/plugin.

Finally, HTTP proxies make quick work of tasks such as this though they do come with a learning curve. Common programs include:

  1. PortSwigger Burp Suite Scanner
  2. Telerik Fiddler
phbits
  • 1,002
  • 2
  • 5
  • 12
  • 1
    No doubt during web attacks you want to be using Burp Suite, but it's not necessary to use a web proxy and intercept all the requests to edit the cookies. Cookies are browser based and can be simply added/modified for the specific domain on the browser itself. – Raimonds Liepiņš Aug 05 '19 at 14:24