Cookies Theft Attack

What are Cookies

Cookies are essentially small text files, stored on your computer, which the browser uses to keep useful information about your actions. One can view cookies as messages that pass between the browser and the web server: the browser sends its cookies to the web server when it requests data, and the web server sends cookies back to the browser with its reply.

Cookies are stored locally on the computer, usually inside the user profile folder; the exact location depends on the browser. Firefox stores all cookies in one file, while Chrome separates them into a separate file for each cookie.

Cookies Theft Attack

1. Session Fixation

Session fixation attacks exploit a weakness in the service that allows the attacker to fix (obtain or set) another person's session ID in advance.

Attack scenario:

Alice opens this URL:

example.bank.com/login

The server responds with a generated session ID value, which Alice can find in her cookies, e.g.

session id = xyz

Alice wants to force Bob's browser to use this session ID, so that the two of them share the same session: once Bob logs in to example.bank.com with it, Alice can later use the same session and see Bob's account information.

To plant the session ID in Bob's browser, Alice has two choices:
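The scenario above comes down to one server-side decision: does the server keep the session ID the browser already carried when the user authenticates, or does it issue a fresh one? The following simulation is an added illustration, not code from the original post; the in-memory session store, the users "alice" and "bob", and the flag `regenerate_on_login` are all constructed here. It replays the Alice/Bob sequence against a vulnerable store and a hardened one and reports whose account Alice's pre-known ID resolves to.

```python
"""Session fixation: a server that adopts and promotes a client-supplied
session ID versus one that issues a fresh ID at login.

Added illustration, not code from the original post. The session store,
the users and the regenerate_on_login switch are constructed for the demo.
"""
import secrets
from typing import Dict, Optional, Tuple


class SessionStore:
    """In-memory session table: session_id -> session data."""

    def __init__(self, regenerate_on_login: bool):
        # Hardened servers issue a brand-new ID once the user authenticates;
        # vulnerable ones keep whatever ID the browser already carried.
        self.regenerate_on_login = regenerate_on_login
        self.sessions: Dict[str, Dict[str, Optional[str]]] = {}

    def new_session(self) -> str:
        """Issue an unpredictable session ID (what the login page hands out)."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def request(self, cookie_sid: Optional[str]) -> str:
        """Resolve the session for an incoming request.

        Vulnerable behaviour: an unknown cookie value is adopted as-is, so a
        value planted in the victim's browser becomes a live session.
        Hardened behaviour: unknown IDs are ignored and a fresh one is issued.
        """
        if cookie_sid in self.sessions:
            return cookie_sid
        if cookie_sid is not None and not self.regenerate_on_login:
            # Vulnerable: trust the client-supplied ID.
            self.sessions[cookie_sid] = {"user": None}
            return cookie_sid
        return self.new_session()

    def login(self, cookie_sid: Optional[str], user: str) -> str:
        """Authenticate the session and return the ID the browser must use."""
        sid = self.request(cookie_sid)
        if self.regenerate_on_login:
            # Drop the pre-authentication ID so anyone who knew it is locked out.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, cookie_sid: str) -> Optional[str]:
        """What the server believes about a request carrying this cookie."""
        return self.sessions.get(cookie_sid, {}).get("user")


def fixation_scenario(regenerate_on_login: bool) -> Tuple[Optional[str], Optional[str]]:
    """Replay the Alice/Bob scenario.

    Returns (who Alice's pre-known ID resolves to, who Bob's cookie resolves to).
    """
    server = SessionStore(regenerate_on_login)
    # Alice obtains a session ID from the login page.
    alice_sid = server.new_session()
    # Bob's browser ends up carrying alice_sid and Bob logs in with it.
    bob_sid = server.login(alice_sid, "bob")
    # Alice presents the ID she already knows; Bob presents whatever he was given.
    return server.whoami(alice_sid), server.whoami(bob_sid)


if __name__ == "__main__":
    print("vulnerable:", fixation_scenario(False))  # Alice sees Bob's session
    print("hardened:  ", fixation_scenario(True))   # Alice's ID is dead after login
```

Bob's own login works the same way in both cases; the only difference is that the hardened store invalidates the pre-login ID, so the value Alice knew no longer maps to anything.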

2. Session Hijacking

Definition of session hijacking according to OWASP:

The session hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.

Session Hijacking attacks compromise session tokens by stealing or predicting a valid session token to gain unauthorized access to the web server.

Because HTTP communication is spread over many different TCP connections, the web server needs a way to tie these connections together and find out which client sent each request.

A session token is a string used to identify client requests sent from a single client to a web server.

A session hijacking attack is an exploit that steals or guesses this token, which is usually stored inside a cookie.

Protect Yourself from Cookie Theft:

1. As a programmer, you can take a number of steps to ensure that hackers will not be able to hijack your website's sessions. Of course, these do not provide a 100% guarantee that an attack will not succeed, but they do reduce the likelihood.

2. Require an SSL/TLS connection on all pages of your website. If the extra CPU load this causes is a concern, at least use SSL/TLS for the login pages and every page that transfers the cookie.

3. Set a session timeout to ensure that the session is deleted after a specified time, and provide a "Remember me" option to make it easier for users to log in again after the session expires.

4. Mark the cookie as HttpOnly (using the HttpOnly attribute) to ensure that the cookie cannot be read by script. I read a good post about it here.

5. Keep the cookie's domain scope to a minimum.
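Items 2 to 5 all end up as attributes on the Set-Cookie header the server emits. The block below is an added example, not code from the original post: it builds a session cookie header with those attributes using Python's standard `http.cookies` module, and pairs it with a small audit function that reports which of the protections a given Set-Cookie header is missing. The cookie name `sessionid`, the host `app.example.com` and the sample headers are constructed for the demo. The example also sets and checks `SameSite`, which the post does not mention; it is a standard cookie attribute that limits when the browser attaches the cookie to cross-site requests.

```python
"""Hardened Set-Cookie header for a session cookie, plus an audit that lists
the protections a given Set-Cookie header lacks.

Added illustration, not from the original post. The cookie name, host and
sample headers are constructed; SameSite is an addition beyond the post's list.
"""
from http.cookies import SimpleCookie
from typing import List


def build_session_cookie(value: str, max_age: int, path: str = "/") -> str:
    """Return the Set-Cookie header value for a hardened session cookie.

    No Domain attribute is set on purpose: a host-only cookie is the narrowest
    scope (item 5). Adding Domain=example.com would send it to every subdomain.
    """
    cookie = SimpleCookie()
    cookie["sessionid"] = value
    morsel = cookie["sessionid"]
    morsel["secure"] = True        # only sent over TLS (item 2)
    morsel["httponly"] = True      # not readable from script (item 4)
    morsel["max-age"] = max_age    # client-side expiry backing the server timeout (item 3)
    morsel["path"] = path
    morsel["samesite"] = "Strict"  # not on the post's list; blocks cross-site sends
    return morsel.OutputString()


def audit_set_cookie(header: str, host: str) -> List[str]:
    """Return findings for a Set-Cookie header value; an empty list means hardened.

    `host` is the hostname that set the cookie, used to explain Domain findings.
    """
    parts = [p.strip() for p in header.split(";")]
    attrs = parts[1:]  # parts[0] is name=value
    flags = set()
    values = {}
    for attr in attrs:
        if "=" in attr:
            key, val = attr.split("=", 1)
            values[key.strip().lower()] = val.strip()
        else:
            flags.add(attr.lower())

    findings = []
    if "secure" not in flags:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in flags:
        findings.append("missing HttpOnly: cookie readable by script in the page")
    if "max-age" not in values and "expires" not in values:
        findings.append("no Max-Age/Expires: cookie lives until the browser closes, "
                        "so the server-side timeout is the only limit")
    if "domain" in values:
        domain = values["domain"].lstrip(".")
        findings.append(f"Domain={domain}: cookie also sent to every subdomain of "
                        f"{domain}; omit Domain for a host-only cookie on {host}")
    if values.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: cookie attached to cross-site requests")
    return findings


# Constructed sample: a session cookie issued with no protections at all.
WEAK_HEADER = "sessionid=xyz; Domain=example.com; Path=/"

if __name__ == "__main__":
    hardened = build_session_cookie("xyz", max_age=900)
    print(hardened)
    print("hardened findings:", audit_set_cookie(hardened, "app.example.com"))
    for finding in audit_set_cookie(WEAK_HEADER, "app.example.com"):
        print("weak:", finding)
```

The audit is deliberately string-based rather than reusing `SimpleCookie` for parsing, so it can be pointed at raw headers captured from any server, not only ones Python produced.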
