On the web, we often come across articles explaining how to retrieve a victim's cookies with sniffing tools or with the exploitation of XSS flaws. On the other hand, we never find the method to use the cookie.
Usually, a cookie is a small text file, which is stored by a website on your hard drive. This storage is carried out by your browser. This is used by the website you are visiting to recognize you. Also, when several days after your visit, you come back to the same site, it will ask for your cookie, and if it is still present on your hard drive, the website will read the information contained in the cookie and redirect you to your session without authentication.
The aim of the hacker is therefore generally to steal the victim's cookie in order to exploit its content.
In this article, we will see how to exploit and use the cookie. Assuming you have already retrieved a target's cookie using a sniffer or using a middle attack or perhaps by directly accessing a loved one's computer.
I have the victim's cookie but how can I use it?
For this you will need the following tools:
Cookies Injector is a script that injects the cookie string into any web page.
Example of use
To do this, please follow the steps below:
- Open your chrome browser then launch www.facebook.com , enter the login and password
- Copy the displayed cookie
- Now open Facebook in the Firefox browser
- Type the following keys: ALT + C
- Paste the cookie in the text field
- Finally restart Facebook so you can access your session on the Firefox browser without having validated any username or password.
To access a target's session, change only your cookie to the victim's cookie. 🙂