..:: MacHacking.net ::..
Article from MacHacking.net Knowledge Base: http://kb.machacking.net

**********
Title: Cookies for the Kids v1.0
Author: Zelda
Author Contact: zelda@undergroundmac.com
**********

What are cookies?

Imagine you are at a gaming lounge and you get a stamp on your hand. The stamp is your pass into the gaming lounge and your pass to come back. Cookies work the same way for web applications: they contain valuable information, for example passwords, usernames, etc. Your web browser stores them in order to give you your "ticket" to be in that account. I'm sure you have seen the radio box in your favourite BBS that says "Remember Me" or something to that effect.

What value do cookies have to me as a hacker?

Because cookies contain a wealth of information, as a hacker you may occasionally want to steal cookie data (I will not go into this) or edit cookie values to make it look like you are that user (this process is called spoofing). This is occasionally useful to spoof your way into an administrator's account.

How do I view cookies and edit their values?

To see the current cookies for the site you are viewing, put this in the URL line of your browser:

    javascript:alert(document.cookie)

This shows a JavaScript alert window with the cookie data from the current site. To edit the values of a cookie, do the following:

1. Go to a website.
2. After the website has loaded, write this in the address bar: javascript:alert(document.cookie)
3. This will show you the list of available cookies and their values.
4. To edit a cookie, type this in the address bar: javascript:void(document.cookie="cookie=value") where cookie is the cookie name and value is the value of the cookie.

Just remember that cookies are stored client-side (computer side) but are read server-side, so do not think otherwise.

Cookies are interesting because cookie values are sometimes echoed to a page, and if the page is parsed you can execute SSI on the server or inject JavaScript as values, so it's just a bit of information to hold in the back of your head. Cookies are normally useless on their own to a hacker, but on occasion some web applications have flaws which enable you to spoof your way to admin or do other things.
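
Added example (not part of the original article): because cookies are stored client-side and only read server-side, a server can detect edited values by attaching an HMAC to every cookie it issues and refusing any cookie whose signature does not verify. This is Node.js code; the secret, the cookie names and all function names are assumptions made for the example.

```javascript
// Added example: detect cookie values that were edited in the browser.
const nodeCrypto = require("crypto");

// Assumption: server-side secret. Generated per process here; a real
// deployment loads a persistent key from configuration.
const SECRET = nodeCrypto.randomBytes(32);

// HMAC over "name=value" so a signed value cannot be moved to another cookie.
function mac(name, value) {
  return nodeCrypto.createHmac("sha256", SECRET)
    .update(`${name}=${value}`)
    .digest("hex");
}

// Value the server places in Set-Cookie: "<value>.<hex signature>".
function signCookie(name, value) {
  return `${value}.${mac(name, value)}`;
}

// Returns the original value, or null when the cookie is unsigned or altered.
function verifyCookie(name, raw) {
  const dot = raw.lastIndexOf(".");
  if (dot < 0) return null;
  const value = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1));
  const expected = Buffer.from(mac(name, value));
  if (given.length !== expected.length) return null;
  return nodeCrypto.timingSafeEqual(given, expected) ? value : null;
}

// Parse a Cookie request header, keeping only cookies whose signature verifies.
function trustedCookies(header) {
  const out = {};
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = verifyCookie(name, part.slice(eq + 1).trim());
    if (value !== null) out[name] = value;
  }
  return out;
}

// Constructed sample: one untouched cookie, one edited via document.cookie.
const issued = signCookie("role", "user");
const header = `user=${signCookie("user", "alice")}; role=${issued.replace("user", "admin")}`;
console.log(trustedCookies(header)); // { user: 'alice' }
```

The signature makes a value tamper-evident, not secret, so passwords still do not belong in a cookie. Any cookie value echoed into a page still needs output encoding.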