Penetration Testing mailing list archives
Example of XSS cookie stealing code?
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Fri, 12 Dec 2003 08:49:01 -0500
As a tangent on this conversation, does anyone have a good example they would like to share of some tricky XSS cookie stealing code? (for inclusion in HTML email, malicious web page, etc.)

Thanks,
Mark Lachniet

-----Original Message-----
From: Achim Dreyer [mailto:adreyer () math uni-paderborn de]
Sent: Thursday, December 11, 2003 11:55 AM
To: Rajesh Jose
Cc: pen-test () securityfocus com
Subject: RE: XSS with encrypted cookie?

On Thu, 11 Dec 2003, Rajesh Jose wrote:

> Hi,
>
> I didn't get "encrypted session token cookie". Normally nobody will be
> encrypting a session token. So far as the session token is strongly
> random nothing can be achieved by encrypting it. Or did you mean secure
> cookie? Secure cookie is a cookie which can be fetched by the server
> only through a SSL channel.
>
> In all these cases "encrypted, not-encrypted and secured" it is possible
> to fetch a cookie through XSS attack and replay the session. Replaying
> of session token will not be possible if the application is using
> source IP for session validation.

.. unless of course when user and attacker live on the same system, which is quite possible on any unix system or something like a citrix server (farm).

Regards,
Achim Dreyer

--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
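A defender-side sketch of the two points made in this thread, added here as an example and not code from any of the posters: a session table that binds each token to the source IP, showing that a replay from another address is rejected while a request from the same shared host still passes. The class and function names, the cookie name `sid` and the documentation-range IP addresses are assumptions; the `HttpOnly` attribute is an added mitigation not mentioned in the thread.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side session table binding each token to the IP seen at login."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, source_ip):
        # A strongly random token; encrypting it would add nothing.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "ip": source_ip}
        return token

    def validate(self, token, source_ip):
        rec = self._sessions.get(token)
        if rec is None:
            return None
        if rec["ip"] != source_ip:
            # Token presented from a different address: treat as a replay
            # and revoke it (a design choice made for this example).
            del self._sessions[token]
            return None
        return rec["user"]


def session_cookie(token):
    """Build the Set-Cookie value. Secure limits the cookie to SSL/TLS but
    script can still read it; HttpOnly keeps it out of document.cookie."""
    c = SimpleCookie()
    c["sid"] = token
    c["sid"]["path"] = "/"
    c["sid"]["secure"] = True
    c["sid"]["httponly"] = True
    return c["sid"].OutputString()


def demo():
    # Constructed sample addresses (RFC 5737 documentation ranges).
    store = SessionStore()
    token = store.create("alice", "203.0.113.10")
    return {
        "owner": store.validate(token, "203.0.113.10"),
        # Another account on the same unix box or Citrix server shares the IP,
        # so the binding does not distinguish it from the owner.
        "shared_host": store.validate(token, "203.0.113.10"),
        "remote_replay": store.validate(token, "198.51.100.7"),
        "after_revoke": store.validate(token, "203.0.113.10"),
    }
```

The `shared_host` result is the case raised in the reply above: IP binding alone cannot separate two users behind one address, which also applies to NAT gateways and proxies.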