How to Intercept and Process data from Cookies
A few weeks ago, I was reading about how a hacker could easily steal cookies by intercepting them over an open network. So I wanted to see for myself, what kind of information websites are sending unencrypted over the Internet.
What are cookies?
When a web page wants to remember bits of information about a user, it can store them in a file on the user’s computer called a cookie. Any type of information can be stored, such as usernames, preferences, or shopping cart information. The next time the user visits that web page, the browser sends back the cookie, so the web page can process it.
The Problem
The vulnerability occurs when the cookie data is being sent between the user and the web page. If the data is sent in an unencrypted transmission, someone can view all the details that are stored in that cookie, without being detected.
For this article, I will be showing you how to use Wireshark to see the data that is sent over a network.
- First off, you will need to download and install Wireshark from here.
- Once installed, start the program.
- In the top menu go to Capture -> Options or press Ctrl+K
- Configuration depends on the computer and network used, so it will not be covered in this post.
- Click the Start button when you are ready.
- In the Filter box, enter “http” without the quotes and click apply.
- With Wireshark running, go visit a website or wait until another user visits it over the network.
- Stop the capture once you see a GET or a POST under the Info column.
- Select the row with the GET or the POST and check in the bottom frame if there is a Cookie section in the “Hypertext Transfer Protocol” header.
Screenshot of a captured cookie in Wireshark
To see the full cookie, right-click on the line with Cookie -> Copy -> Bytes (Printable Text Only). Now open a text editor and paste it to see the full cookie. Here is a part of the cookie from the screenshot:
Cookie: CULTURE=EN-US; FlightGroupId=68; FlightId=BasePage; hpsvr=M:5|F:5|T:5|E:5|D:blu|W:F; hpcli=W.H|L.|S.|R.|U.L|C.|H.; wpv=0
While this may not look like much, if a hacker copies these values into their browser, the website will recognize them as the original user, potentially giving the hacker full access to your account. Cookies can easily be added to Firefox using add-ons such as Add N Edit Cookies or the more powerful SQLite Manager.
Securing Cookies
There are a few ways to protect cookies from being stolen. However, both of the methods I’ll mention can only be done by the websites storing the cookie.
This first method is to use SSL encryption on all connections. The disadvantage is that the website will require increased bandwidth, due to the overhead of encrypting the data. Also, encrypted pages are not stored in a cache so it is downloaded on each visit to the website, leading to increased bandwidth requirements.
A much easier method is to improve the cookie management using a solution like Barry Jaspan’s, which can be found at http://jaspan.com/improved_persistent_login_cookie_best_practice. This is not as secure as using SSL, but can be helpful for websites that do not store sensitive information.
Pineapple Orange 
Leave a comment