First of all, before going any further you have to understand what a
cookie is. So what is a cookie? A cookie is a small piece of information
that is stored in the user's client (browser) when the user visits a
website. It is generated by the web server and sent to the browser
for authentication purposes. Let's say you log in to your Facebook
account. When you log in, session data is created on
Facebook's server and it sends a cookie file to your browser. When you
do some activity on Facebook, these two things are compared and matched
every time. So if we manage to steal this cookie file from someone, we
will have access to their account. In this tutorial I will show you how to do
this on a LAN. (This method will not work if the victim is not connected
to your network.)
In this tutorial you will be using a tool called Wireshark and a Firefox add-on called Add N Edit Cookies.
Before we start, we have to ARP poison the victims. To do this, read ARP Poisoning.
When this process is done, just minimize Cain and Abel.
Wireshark is a tool used to sniff packets from the network clients. We will be using it to steal our cookies.
The Add N Edit Cookies add-on is used to inject the stolen cookie into the Firefox browser.
Download and install Wireshark, open it up and click on "Capture" in the
menu bar. Select your interface and click Start. This will start
capturing all the packets from your network.
Now find the packets using the filter http.cookie.
Look for packets which have POST and GET in them. This is the HTTP information sent to the server.
Now, once you have found the cookie, copy its value like this:
Paste it and save it in a Notepad file. Now the final thing to do is open Firefox and
start the Add N Edit Cookies add-on from the Tools menu. Now insert the
stolen cookie here, and you're done! You should now have access to the
victim's account!
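
The http.cookie filter only shows a cookie when the browser sends it over plain HTTP, and that is controlled by the attributes the server puts on its Set-Cookie header. As an added example (not part of the original tutorial), this Python check parses Set-Cookie values and reports session cookies that lack the Secure, HttpOnly or SameSite attributes; the sample headers and the session-name hints are constructed assumptions.

```python
"""Audit Set-Cookie headers for attributes that keep a session cookie
off cleartext HTTP. Sample headers are constructed for illustration."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "sessionid=3f9a1c; Path=/",
    "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Max-Age=31536000",
    "auth_token=77ab; Path=/; secure",
]

# Assumption: cookie names containing these fragments carry session state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit(header):
    """Return a list of findings for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # not a session cookie under the naming assumption
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, may travel over plain HTTP where a sniffer sees it")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite is not Lax or Strict")
    return findings


def audit_all(headers):
    return [finding for header in headers for finding in audit(header)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HEADERS):
        print(finding)
```

A cookie marked Secure is only sent over HTTPS, so it never appears in a cleartext capture on the LAN.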