Session Hijacking using Cookie

We’ve learned how to do Cookie Stealing in the last post through XSS vulnerabilities. Some of you might be wondering (I was curious too in the beginning) why a cookie can be so important to the attacker, and that is exactly the reason why I chose this topic for my post.

So, why is a cookie so important?

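With the cookie from a logged-in user, we can later gain access to the specific website again without even knowing the username and password. This works because the web server recognizes a logged-in session by the session ID stored in the cookie, so whoever presents that cookie is treated as that user. This is also called Session Hijacking.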

But the question is, how do you use a cookie to get privileged access?

Well, we can use Tamper Data, an add-on for the Firefox browser, to modify HTTP/HTTPS headers and POST parameters. You can download Tamper Data by clicking here.

When you’ve finished downloading, open your Firefox browser, click Tools and choose Tamper Data to open the application.

The Tamper Data window will show up. Click Start Tamper to start capturing the ongoing request.

Now, open a page that requires authentication to access. In this case, I’m opening my DVWA’s homepage (http://localhost/index.php), since I have to log in first to access this page or else it will redirect to the login page.

This will show up when the request is sent from the browser to the web server.

Click Tamper to modify the request. As you can see from the picture below, there is a Cookie field that contains PHPSESSID. The only thing you need to do is replace the current cookie with the logged-in user’s cookie that you’ve stolen. Then, click OK.

If the request returns a 200 status code (OK), the browser will automatically load the homepage. If the request instead returns a code like 302 (Redirection) or 401 (Unauthorized), it means the cookie is not valid anymore.
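Why the replayed cookie is accepted, and one way a server can narrow that, shown as an added example that is not part of the original post and is not DVWA's code: a toy in-memory session store where the first handler trusts the PHPSESSID value alone and the second also checks a hash of the User-Agent and IP address recorded at login. The function names, the `/login.php` path and the sample addresses are constructed for illustration.

```python
import hashlib
import secrets

# Constructed in-memory store standing in for the server-side session data.
SESSIONS = {}
LOGIN_PAGE = "/login.php"  # assumed path of the login page

def fingerprint(user_agent, ip):
    """Hash of the client properties recorded when the session was created."""
    return hashlib.sha256(f"{user_agent}|{ip}".encode()).hexdigest()

def login(user, user_agent, ip):
    sid = secrets.token_hex(16)  # unguessable session ID, sent as PHPSESSID
    SESSIONS[sid] = {"user": user, "fp": fingerprint(user_agent, ip)}
    return sid

def logout(cookie):
    SESSIONS.pop(cookie.get("PHPSESSID"), None)  # the ID is now worthless

def handle_cookie_only(cookie, user_agent, ip):
    """Weak: whoever presents a live session ID is treated as its owner."""
    session = SESSIONS.get(cookie.get("PHPSESSID"))
    if session is None:
        return 302, LOGIN_PAGE        # unknown or expired ID: back to login
    return 200, session["user"]

def handle_bound(cookie, user_agent, ip):
    """Hardened: the ID must also come from the client it was issued to."""
    session = SESSIONS.get(cookie.get("PHPSESSID"))
    if session is None:
        return 302, LOGIN_PAGE
    if not secrets.compare_digest(session["fp"], fingerprint(user_agent, ip)):
        return 302, LOGIN_PAGE        # same ID, different client: rejected
    return 200, session["user"]

def demo():
    owner = ("Firefox (constructed UA)", "192.0.2.10")       # constructed
    other = ("Other browser (constructed UA)", "198.51.100.7")
    cookie = {"PHPSESSID": login("admin", *owner)}
    results = {
        "weak_other_client": handle_cookie_only(cookie, *other),
        "bound_owner": handle_bound(cookie, *owner),
        "bound_other_client": handle_bound(cookie, *other),
    }
    logout(cookie)
    results["weak_after_logout"] = handle_cookie_only(cookie, *other)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Binding to IP and User-Agent is only a partial check, since legitimate users change networks and both values can be copied. Setting the HttpOnly flag on the session cookie keeps scripts from reading it in the first place, and invalidating the session at logout makes a saved ID useless.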

Here is the proof that I’ve successfully done a Session Hijacking using the cookie that I saved from my previous post.