
Lab 3

Lab 3: Cookie Stealing using XSS. Kara James, Chelsea Collins, Trevor Norwood, David Johnson. Lab 3 goals: learn what cookies are; learn about Cross-Site Scripting attacks; learn what it means to steal cookie information; get hands-on experience with a web browser vulnerability.


Presentation Transcript


  1. Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson

  2. Lab 3 Goals • Learn what cookies are • Learn about Cross-Site Scripting Attacks • Learn what it means to steal cookie information • Get hands on experience with a web browser vulnerability

  3. What are cookies? • Nope, not the kind you eat! ;) • The kind that track you like a creepy stalker! • Cookies are data stored in a web browser • There are many different “types” of cookies: • Session, Persistent/Tracking • Persistent cookies are cookies that outlast user sessions and are used for a variety of reasons • Zombie cookies recreate themselves • Cookies identify who you are to a website • The website stores this information (like your username and password) to help provide you with the pages you view • They can be used to track and keep records of users' browsing histories and activity

  4. …. Are they Good or Bad? • Cookies can be tracked by third parties and are used by advertising companies to track users across multiple sites and pages. • For example, in 2002 the CIA was leaving persistent cookies on computers that were visiting its sites. • In 2005, the NSA also left persistent cookies from a software upgrade. • RFC 2965 specifies that browsers should protect user privacy and not allow third-party cookies by DEFAULT. • BUT most browsers ALLOW these third-party cookies by default. It is allowed because browsers and the third-party websites have it stated in their policies and agreements • For instance, do you think Facebook should have the right to track your Google searches? Or any online activity?

  5. Cross-site Scripting Attacks/XSS • These vulnerabilities occur in the server-side code • They are vulnerabilities in web applications • XSS injects client-side script into web pages • There are different kinds of XSS attacks, but Lab 3 deals with cookie stealing through XSS • The injected code steals a cookie that should be exchanged only between the server and the client and sends it to another party

  6. We will be using these Webhacking.zip Files • malURL.htm • Redirectpage.htm • Setgetcookie.htm • Stealcookie.php • Log.txt

  7. Lab 3 Process • User first opens setgetcookie.htm on vulnerable site • Sets cookie • Attacker sends malURL.htm to user with malicious URLs in it • Clicking on them redirects user to redirectpage.htm • redirectpage.htm has script embedded in an HTML tag • Script inputs the document’s cookie to stealcookie.php on attacker’s site • stealcookie.php logs the cookie on attacker’s site

  8. setgetcookie.htm

  9. malURL.htm

  10. malURL.htm Hovering over each link with your cursor shows two different destinations. One is more deceiving and more likely to be opened/clicked on

  11. Second Link: redirectpage.htm redirects to stealcookie.php

      ```php
      <body>
      <?php
      $f = fopen("log.txt","a");
      $cookie = "\n".$_GET['username']."\n";
      fwrite($f, $cookie);
      fclose($f);
      ?>
      </body>
      ```

  12. Log.txt • Stealcookie.php file stores the cookie into the log.txt file BAM!!! You’re HACKED!

  13. Today: Changes and Threats • Lab 3 is only an example of the general process of XSS cookie stealing and would not work in the real world because of improvements in web browsing security. • Modern browsers are more sophisticated now: they don’t relocate to new sites without permission and they filter out scripts from links • But hackers come up with new ways around these features EVERY DAY • Which is why it is so important to update all of your software regularly. • Examples of cookie stealing: • Malicious links through instant messengers, emails, spam, Facebook, disguised websites, disguised links • Web browsing and clicking on malicious links • Injected sophisticated scripting code to trick users

  14. Real World Cookie Stealing Example • Facebook cookie stealing Example: • You can capture packets using a free network packet analyzer • This is where you can Find a “cookie” over an internet connection • You’ll need other applications as well like Firefox, greasemonkey, and cookieinjector script • This example gives you access to their account but doesn’t give you their credentials • Only works if Facebook connection is HTTP • Prevented by using HTTPS which you can enable in your Browser under Account Settings>Security

  15. Preventing cookie stealing • Using HTTPS encrypts and protects • Web Vulnerability Scanners Choosing to “Remember Me” uses • Google uses similar cookies for its services • Detecting suspicious activity on server side • Requiring Re-authentication • Cookies are browser specific • Browser Fingerprint • Change Browser Settings to tell websites not to track you

  16. Any Questions?
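
The lab depends on a cookie that page script can read (slide 7), and the real-world example depends on one sent over plain HTTP (slide 14). The following check is an added example, not part of the lab files: it audits a Set-Cookie header for those two weaknesses and for persistence (slide 3). The function names, finding labels and header values are assumptions made up for illustration.

```javascript
// Added example (not from the lab files). Header values are constructed samples.

// Split one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: not a usable header
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return the weaknesses that make a cookie stealable in the ways the slides describe.
function auditCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return ['unparseable'];
  const findings = [];
  // Without HttpOnly, injected script can read the cookie via document.cookie.
  if (!c.attrs.httponly) findings.push('script-readable');
  // Without Secure, the browser also sends the cookie over plain HTTP.
  if (!c.attrs.secure) findings.push('sent-over-http');
  // Expires/Max-Age makes it persistent: a stolen copy outlives the session.
  if ('expires' in c.attrs || 'max-age' in c.attrs) findings.push('persistent');
  return findings;
}

// Build a session cookie header with the protective attributes set.
function hardenedSetCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

const samples = [
  'username=alice',                         // constructed: set without attributes
  'sid=abc123; Max-Age=31536000; HttpOnly', // constructed: "remember me" style
  hardenedSetCookie('sid', 'abc 123'),
];
for (const h of samples) console.log(h, '=>', auditCookie(h));
```

HttpOnly can only be set by the server in a Set-Cookie response header; a cookie written from page script with document.cookie is always readable by other script on that page.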
