Thursday, 3rd April 2025
How Cookie Stealing Hack Works: Basics of Session Hijacking



    Well, I have posted lots of articles on phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack Gmail, Facebook and other email accounts, i.e. cookie stealing and session hijacking.




    What is a Cookie?

    Cookies are small files that websites put on your computer when your browser accesses a website that uses cookies. Cookies are used to keep track of your movements within the site, help you resume where you left off, and remember your registered login, theme selection, preferences, and other customization functions.

    Whenever we sign in to an account, the site generates a unique string. One copy is saved on the server and the other in our browser as a cookie. Both are matched every time we do anything in our account.


    Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit.


    Examples of cookies:

    1. Have you ever put something in a virtual shopping cart in an online store and then returned a few days later to find that the item is still there? That's an example of cookies at work.
    2. When you log in to Gmail or Facebook, you need to give your username and password only once. After that, each time you navigate from one page to another, the site takes you there without asking again for the information (username and password) it asked for before.

    Types of cookies: 

    • Session cookies: Session cookies are created temporarily in your browser's subfolder while you are visiting a website. Once you leave or sign out from the site, the session cookie gets deleted.
    • Persistent cookies: Persistent cookie files remain in your browser's subfolder and are activated again once you visit the website that created that particular cookie. A persistent cookie remains in the browser's subfolder for the duration set within the cookie's file.







    What is Cookie Stealing and Session Hijacking?

    "A session hijacking attack is basically an act of stealing stored session cookies and injecting them into your own browser to gain access to the victim's account."

    In this procedure, an attacker steals session cookies by convincing the victim to run a piece of code in the browser (normally JavaScript) or by somehow getting the victim to visit a link that hosts a session-stealing PHP script. As soon as the victim does that, the attacker gets his session cookies. The attacker can then use this stolen session to log in to the victim's account without providing any username or password. This attack is very uncommon because when the victim clicks 'Sign out', the session gets destroyed and the attacker also gets signed out.

    But in the case of some sites that use persistent cookies, the attacker doesn't get signed out when the victim clicks 'Sign out'. Instead, the session is destroyed automatically after a particular time. For example, Yahoo destroys cookies after 24 hrs, but if the user simply refreshes the window in the Yahoo account within 24 hrs, he gets the session again for the next 24 hrs. This means that once the Yahoo account session is stolen, the attacker can access the account for a lifetime by refreshing the window every 24 hrs.


    How does the stealing process work?

    1. The attacker creates a PHP script and uploads it to any web hosting site.
    2. The attacker then asks the victim to visit that particular link containing the PHP code.
    3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.
    4. Next, the attacker uses a cookie injector or a cookie editor and replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked and he gets access to the victim's account.
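
The behaviour described above (the server matching its copy of the session string on every request, sign-out destroying the session, and a refresh keeping a persistent session alive) maps directly to server-side controls. The following is an added example, not code from the original post: a minimal in-memory session store for Node.js in which `SessionStore`, `sessionCookie`, the `sid` cookie name and both timeout values are assumptions chosen for illustration.

```javascript
const { randomBytes } = require("crypto");

const IDLE_MS = 30 * 60 * 1000;          // assumed idle timeout (30 minutes)
const ABSOLUTE_MS = 24 * 60 * 60 * 1000; // assumed hard lifetime, never extended

class SessionStore {
  constructor() { this.sessions = new Map(); }
  // Sign-in: unguessable ID; the server keeps one copy, the browser the other.
  create(user, now = Date.now()) {
    const id = randomBytes(32).toString("hex");
    this.sessions.set(id, { user, created: now, lastSeen: now });
    return id;
  }

  // Every request: match the cookie value against the server's copy.
  validate(id, now = Date.now()) {
    const s = this.sessions.get(id);
    if (!s) return null;
    if (now - s.lastSeen > IDLE_MS || now - s.created > ABSOLUTE_MS) {
      this.sessions.delete(id);
      return null;
    }
    s.lastSeen = now; // activity renews the idle window only, not the hard limit
    return s.user;
  }

  // Sign-out: delete the server copy so every copy of the cookie stops working.
  destroy(id) { return this.sessions.delete(id); }
}

// Set-Cookie value: HttpOnly hides the cookie from page JavaScript, Secure keeps
// it off plain HTTP, SameSite=Lax limits when it is sent on cross-site requests.
function sessionCookie(id) {
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed scenario: replay after sign-out, then regular refresh past the hard limit.
function demo() {
  const store = new SessionStore();
  const first = store.create("alice", 0);
  const beforeSignOut = store.validate(first, 1000);
  store.destroy(first);
  const afterSignOut = store.validate(first, 2000);
  const second = store.create("alice", 0);
  let t = 0;
  while (t < ABSOLUTE_MS) { t += IDLE_MS; store.validate(second, t); }
  const afterHardLimit = store.validate(second, t + 1);
  return { beforeSignOut, afterSignOut, afterHardLimit };
}
```

Because the hard lifetime is measured from `created` rather than from the last request, refreshing the page cannot keep a session alive beyond it.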



    Well, this was all the theory about cookie stealing and how it works. In my next post I will explain how you can do all this practically.

    Keep on Visiting or You can subscribe below to get updates  in your inbox... ;)

    If you want more hacking tutorials, check out other posts under category Hacking.

    Written by: Surbhi

    Surbhi is Founder of Techbyte4u.com. Follow her on Twitter or email her


    8 comments for this post

    1. Thnx for sharing .. such a wonderful information :)

    2. Can u give me the php script for stealing cookies

    3. hi Mak... i will write about it in other post soon, please have some patience and keep reading articles here...
      thanks :)

      @Ashish... thx dear :)

    4. Curiously waiting for the next post!!!

    5. Curiously waiting for the next post! :)

    6. @Dhananjay ...
      Thx for showing ur interest, will try to write next post today :)

    7. Well...Thanx in advance for that :)

    8. Dear Surbhi,
      All your posting are really nice one keep such posting. I really liked

      Thanks
      Bhagat Singh Bisht
