info ‐ Cookie Stealing - taylorjohn/hacking GitHub Wiki
Cookie Stealing (Session Hijacking)
Cookie stealing, also referred to as session hijacking, is a cybersecurity threat where attackers illicitly acquire session cookies to gain unauthorized access to user accounts or sensitive information. These session cookies, typically stored on users' devices, contain data crucial for maintaining authentication and session state. By acquiring these cookies, attackers can impersonate users and perform actions as if authenticated, leading to various security risks.
Methods of Cookie Stealing
- Packet Sniffing:
  - Description: Attackers use network sniffing tools to intercept unencrypted network traffic. When users transmit data over HTTP connections, including session cookies, attackers capture and extract these cookies.
- Cross-Site Scripting (XSS):
  - Description: Attackers inject malicious scripts into vulnerable websites, commonly through input fields or URL parameters. These scripts execute in victims' browsers, allowing attackers to steal cookies of other users visiting the compromised site.
- Man-in-the-Middle (MITM) Attacks:
  - Description: By intercepting communication between users and servers, attackers can capture session cookies exchanged during the session. MITM attacks are often facilitated on unsecured or public Wi-Fi networks.
- Browser Exploits:
  - Description: Attackers exploit vulnerabilities in web browsers or their plugins to extract cookies stored locally on users' devices. These exploits can circumvent browser security measures and directly access cookie data.
Examples of Cookie Stealing
- Packet Sniffing Example:
  - Description: An attacker uses a packet sniffing tool like Wireshark to intercept unencrypted HTTP traffic. When a user logs into a website, the attacker captures the session cookie transmitted over the network, granting them unauthorized access to the user's account.
- XSS Attack Example:
  - Description: An attacker injects a malicious script into a vulnerable web application's comment section. When unsuspecting users visit the page and load the comments, the malicious script executes in their browsers, sending their session cookies to the attacker-controlled server.
- MITM Attack Example:
  - Description: At a coffee shop with unsecured Wi-Fi, an attacker sets up a rogue access point. When users connect to the rogue network and browse the internet, the attacker intercepts their communication, capturing session cookies exchanged during login sessions.
- Browser Exploit Example:
  - Description: By exploiting a browser vulnerability, an attacker installs a malicious browser extension on victims' devices. This extension silently collects session cookies stored in the browser's local storage, which the attacker can later use to impersonate the victims.
Preventing Cookie Stealing
- Use HTTPS: Always ensure websites use HTTPS to encrypt traffic, preventing attackers from intercepting sensitive data.
- Enable SameSite Attribute: Set cookies with the SameSite attribute to restrict cross-site usage, mitigating XSS attacks.
- Implement CSP: Employ Content Security Policy to limit script execution and mitigate the impact of XSS vulnerabilities.
- Regularly Clear Cookies: Encourage users to clear browser cookies regularly or use browser features that automatically delete cookies.
- Implement MFA: Implement multi-factor authentication to add an extra layer of security, even if session cookies are compromised.
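
The server-side items in this list (HTTPS, SameSite, CSP) can be checked from a site's response headers. The following is an added example, not code from this wiki: it audits the Set-Cookie and Content-Security-Policy headers of one response. It goes beyond the list by also checking HttpOnly, the standard cookie attribute that hides a cookie from page scripts. The function names and the sample header values are constructed for illustration.

```python
# Added example. All header values below are constructed sample data.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    has_csp = False
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "content-security-policy":
            has_csp = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(hvalue)
            if "secure" not in attrs:
                findings.append(f"{cookie}: no Secure flag, cookie is also sent over plain HTTP")
            if "httponly" not in attrs:
                findings.append(f"{cookie}: no HttpOnly flag, cookie is readable by page scripts")
            if attrs.get("samesite", "").lower() not in ("lax", "strict"):
                findings.append(f"{cookie}: SameSite is not set to Lax or Strict")
    if not has_csp:
        findings.append("response: no Content-Security-Policy header")
    return findings


# Constructed responses: a weak session cookie and a hardened one.
WEAK = [("Set-Cookie", "sessionid=abc123; Path=/")]
HARDENED = [
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Content-Security-Policy", "default-src 'self'"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(response) or "no findings")
```

The check only confirms that a Content-Security-Policy header is present; it does not evaluate whether the policy itself is restrictive.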
By understanding the methods employed by attackers to steal cookies and implementing robust security measures, both users and website owners can mitigate the risk of session hijacking and safeguard sensitive information from unauthorized access.