In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Source: Wikipedia
So that's a brief about session hijacking from Wikipedia and now its time for the fun part. Let's plot this like a story. You're engaged in a titanic battle with your good friend and mortal enemy, over that girl you both met during your college techfest. Last week he went too far, and did something which literally gained some extra hand over her. And you don't wanna talk about that. You're now officially at war.
You have to hit him where it hurts. You have to gain access to his facebook account. It's now 3.00pm, afternoon break. He has gone to make a sandwich, and has made the fatal error of forgetting to lock his computer. You have discovered that all you need is a little time with his laptop's Facebook session. And this is the best opportunity you're ever going to get.
Your research suggests that he usually favors a chicken roll and a cup of coffee for his late afternoon snacks, and that you most likely have 2 minutes alone with his computer, perhaps 3 if has trouble getting his order that you strategically managed to be late. Game on.
The Cookie Toss
You've trained for this moment for days, but even 3 minutes is not enough time to execute your entire plan end-to-end. You keep calm. You can use this small window of opportunity to throw his Facebook session from his laptop onto yours, then continue with the next phase right under his oblivious nose.
His session is in his browser cookies. You get his facebook.com cookies, you get his session.
The problem is that opening developer console and throwing down some javascript only gives you 6 of the 11 cookies set by facebook. The other 5, the ones with the session data that you actually care about< are all marked httponly and are completely inaccessible by javascript. The clock is ticking. Chrome stores its cookies in a sqlite3 database. But they're encrypted.
The Gameplay
There's this handy little chrome extension called EditThisCookie. This extension is able to
export and import cookies with incredible speed, since Chrome Extension have access to all cookies, even those marked httponly. You quickly install it, hit 'Export' and email yourself the JSON serialized cookies. You uninstall it and delete the browser history to avoid arousing suspicion. You fire up your laptop, import these cookies using the same extension, and hit facebook.com. You have access. As long as your friend doesn't log out and expire your now shared session, the gameplay is complete.
He comes back, enormous sandwich in hand. But it's too late. You're in.
Hope you guys enjoyed this post. Subscribe our newsletters for latest update in technology and hacking.
No comments:
Post a Comment