Posts
An article on cookie stealing, using XSS.
In this tutorial I'll try to explain the procedure of cookie stealing through XSS in a few simple steps.
Step one: Finding a XSS vulnerability
How to Prevent Cookie Stealing
1. The easiest way to prevent someone from stealing your cookies is to watch the links you click. Check the URL address of the website it is trying to take you to. If you don't know it, don't trust it. A good thing to look for is the structure of the URL. The cookie stealing scenarios will be run from a free sub domain. To hide the link they will try to make it look like the web address of the site that they are putting the malicious link on. So say you came across a cookie stealer on Myspace. They will most likely form a sub domain that looks something like this. Www.myspace.freehost.com. At a glance you will just see the Myspace and think everything's good. It is very important that you watch for things like this. 2. The only real method that you need to follow other than the one above is too clear your cookies after every session. If a Trojan at any point somehow infects you then you most likely have some kind of backdoor on your computer that you don't even understand. This is a free pass for hackers to welcome themselves in. All they need to do once there in copy all the files in your cookie folder to their computer and start cracking. Nevertheless, if you make it a habit to delete these cookies at the close of every session then there is nothing for the hacker to steal (as far as cookies go, that is).
No comments:
Post a Comment