Penetration Testing mailing list archives
RE: XSS LAB DEMO IDEAS
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Thu, 9 Jan 2003 09:15:31 +0200
Once you have the cookie, you need to identify a URL on the target web server that will allow you to access the goodies. For example, trace the traffic when you log into your web application normally. Most apps will redirect you to a "landing page" immediately after the login. If you had the other person's cookie, you could go to that same page, and see what they see.

How to get the cookie into play? Well, my approach would be to use a proxy, like mangle (http://mysite.mweb.co.za/residents/rdawes/homepage.html), SPIKE proxy, WebSleuth (?) etc, to add/substitute whatever cookie your browser is using natively with the cookie that you have captured. In that way, it makes no difference what cookie your browser thinks it has, the server will think you have the captured one. There is an exception where the client does manipulation of the cookie using javascript, but you can get around that by adding a "Set-Cookie" to the response if necessary.

Hope this helped.

Rogan

-----Original Message-----
From: Jeremy Junginger [mailto:jj () act com]
Sent: 08 January 2003 07:09 PM
To: pen-test
Subject: RE: XSS LAB DEMO IDEAS

Thanks for the ideas, guys. I'm running into a bit of technical trouble, though. Perhaps you could shed some light? I now have a "victim" web server set up that I can test XSS on, and I have also set up an "attacker" web server that basically sits there and eats cookies via CGI, storing them to a local directory. The next question may seem very rudimentary, but can you just write those to your user's "cookie" folder and "hijack" their session to the web site? I know I'm missing something ::scratching my head::

-Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
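The server-side counterpart to the cookie substitution Rogan describes, as an added example that is not part of this thread: a session store that records the client's IP and User-Agent at login and flags a later request that presents the same session cookie from a different client. The class, field names and sample requests are constructed for illustration; the check is a heuristic (both attributes can be copied by whoever replays the cookie), so treat a mismatch as a signal to log and re-authenticate rather than as proof.

```python
"""Flag reuse of a session cookie from a client other than the one that logged in."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    user: str
    ip: str            # client address recorded at login
    user_agent: str    # User-Agent header recorded at login


@dataclass
class Request:
    cookie: Optional[str]   # value of the session cookie, None if absent
    ip: str
    user_agent: str


class SessionMonitor:
    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}
        self.alerts: List[str] = []

    def login(self, token: str, user: str, req: Request) -> None:
        """Bind a freshly issued session token to the client that authenticated."""
        self.sessions[token] = Session(user, req.ip, req.user_agent)

    def check(self, req: Request) -> str:
        """Classify a request: anonymous, unknown-session, ok or possible-hijack."""
        if req.cookie is None:
            return "anonymous"
        sess = self.sessions.get(req.cookie)
        if sess is None:
            return "unknown-session"
        mismatches = []
        if sess.ip != req.ip:
            mismatches.append(f"ip {sess.ip} -> {req.ip}")
        if sess.user_agent != req.user_agent:
            mismatches.append("user-agent changed")
        if mismatches:
            self.alerts.append(f"session of {sess.user} reused: " + ", ".join(mismatches))
            return "possible-hijack"
        return "ok"


def run_demo() -> List[str]:
    """Constructed scenario: alice logs in, then her cookie is replayed from elsewhere."""
    m = SessionMonitor()
    m.login("s3ss10n", "alice", Request(None, "10.0.0.5", "Mozilla/5.0 (X11)"))
    return [m.check(Request("s3ss10n", "10.0.0.5", "Mozilla/5.0 (X11)")),
            m.check(Request("s3ss10n", "192.0.2.7", "Mozilla/5.0 (X11)"))]
```

Marking the cookie HttpOnly stops script in the page from reading it in the first place, which removes the simplest XSS collection path this thread is built around; the monitor above only catches replay after the fact.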
Current thread:
- XSS LAB DEMO IDEAS Jeremy Junginger (Jan 06)
- Re: XSS LAB DEMO IDEAS Loki (Jan 06)
- Re: XSS LAB DEMO IDEAS Kevin Spett (Jan 06)
- Re: XSS LAB DEMO IDEAS Mark Curphey (Jan 06)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 07)
- Re: XSS LAB DEMO IDEAS Fermín J. Serna (Jan 08)
- RE: XSS LAB DEMO IDEAS Jeremy Junginger (Jan 08)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 10)