What are browser cookies, why should you delete them, and how can you do this? Methods for stealing cookies

The picture shows that the cookie contains the line wordpress_logged_in_263d663a02379b7624b1028a58464038=admin. This value is in unencrypted form in the cookie and can be easily intercepted using the Achilles utility, but in most cases in Achilles you can only see the hash of a particular entry. Before sending the request to the server, you can try to replace this line with any similar one (although in this case there is no point) - the number of attempts is not limited. Then, by sending this request to the server using the Send button, you can receive a response from the server intended for the administrator.

In the previous example, you can use direct user ID spoofing. In addition, the name of the parameter, whose value substitution provides additional opportunities for the hacker, can be the following: user (for example, USER=JDOE), any expression with an ID string (for example, USER=JDOE or SESSIONID=BLAHBLAH), admin (for example, ADMIN= TRUE), session (for example, SESSION=ACTIVE), cart (for example, CART=FULL), as well as expressions such as TRUE, FALSE, ACTIVE, INACTIVE. Typically, the format of cookies is very dependent on the application for which they are used. However, these tips for finding application flaws using cookies apply to almost all formats.

Client-side countermeasures against cookie extraction

In general, users should be wary of Web sites that use cookies for authentication and to store sensitive data. It is also necessary to remember that a Web site that uses cookies for authentication must support at least the SSL protocol to encrypt the username and password, since in the absence of this protocol, the data is transmitted unencrypted, which makes it possible to intercept it using the simplest software to view data being sent over the network.

Kookaburra Software has developed a tool to facilitate the use of cookies. The tool is called CookiePal ( http://www.kburra.com/cpal.html (see www.kburra.com)). This program is intended to warn the user when a Web site attempts to install a cookie on the machine, and the user can allow or deny this action. Similar cookie blocking functions are available in all browsers today.

Another reason for regularly installing Web browser updates is that security flaws in these programs are constantly being identified. So, Bennet Haselton and Jamie McCarthy created a script that, after clicking on a link, retrieves cookies from the client's machine. As a result, all the contents of the cookies that are on the user's machine become available.

This kind of hack can also be done using the handle

To ensure that such things do not threaten our personal data, I do this myself and advise everyone to always update software that works with HTML code (e-mail clients, media players, browsers, etc.).

Many people prefer to simply block cookies, but most Web sites require cookies to be browsed. Conclusion - if in the near future an innovative technology appears that allows you to do without cookies, programmers and administrators will breathe a sigh of relief, but for now cookies remain a tasty morsel for a hacker! This is true, since a better alternative does not yet exist.

Server-side countermeasures

In case of recommendations for ensuring server security, experts give one simple piece of advice: do not use the cookie mechanism unless absolutely necessary! Particular care must be taken when using cookies that remain on the user's system after the end of the communication session.

Of course, it is important to understand that cookies can be used to provide security to Web servers for user authentication. If your application does need to use cookies, you should configure the cookie mechanism to use different short-lived keys for each session, and try not to put information in these files that could be used by hackers for hacking (such as ADMIN=TRUE).

In addition, to ensure greater security when working with cookies, you can use cookie encryption to prevent extraction important information. Of course, encryption does not solve all security problems when working with cookie technology, but this method will prevent the most basic hacks described above.

You can transfer saved passwords from one browser to another.

Where to find remembered passwords ?

Any modern browser stores login information in two main ways.

You must have noticed that the first time you log in to any site, the browser displays a message asking you to remember the entered password. Although, in some cases, such a message does not appear if the user has disabled such a function in the settings. Each browser stores saved passwords differently. For example, IE and Edge use the standard Windows Account Manager for these purposes.

And here Chrome browser will store this data in its manager. Although you will still have to enter the password for your Windows account to access passwords.

In such a manager, passwords will be stored all the time until the user deletes them. By the way, the popularity of cloud services that come with all modern browsers is growing more and more. They allow you to synchronize all your Accounts, on the Internet, on all your devices and there is no need to separately enter passwords for each specific site.

Using cookies

Have you noticed that on the login form of many sites there is a special “Remember me” item? But for others, the logic is slightly reversed and the site will always remember you unless you check the box next to “someone else’s computer.”

But not many people know what this is connected with and why they need to check (or not check) such boxes. And some users are even very confused due to the presence of two options: “remember” and “don’t remember.”

And all this is connected with cookies (cookie - translated as “cookies”). They store credentials and this allows you not to enter your login password every time you visit the site; each time you will be taken to a site where you will be logged in automatically.

Cookies can be found in your browser folder; each Internet browser stores them in its own format. For example, for browsers built on the Chromium platform, cookies will be saved in the SQLite version 3 format. You can find cookies in Chrome using this path:

%LocalAppData%\Google\Chrome\User Data\Default

All saved cookies will be stored until the user deletes a specific cookie or clears all cookies. They can also be deleted upon expiration of their validity period, which can be set by the site. If we take WordPress-based sites as an example, their cookies are stored only for two weeks after the last update.

How to manage cookies in Chrome using the Cookies app?

Often, to transfer passwords, it is enough to import a browser profile, or simply copy the cookie file itself. But it happens that for some reason this is impossible or simply impractical. Therefore, in this case, we will look at the operation and management of “cookies” using a special application for Chrome. This application is called exactly that – Cookies. It has quite broad capabilities, and among them, the key ones are the transfer and download of cookies at the domain level.

The application itself has an English-language interface and working with it is not very simple. Therefore, we will now look in detail at how to manage it.

Application interface

Take a look at the image above, here we see the following elements:

1. The cookie storage itself;
2. Domain search;
3. List of cookies for a specific domain;
4. Separately selected “cookie”;
5. Cookie contents. The password hash, login and other data necessary for authorization will be located here;
6. The date when the cookie expires (you can change it and set other parameters manually);

Secure (decrypted) storage

This application allows you to create a special encrypted storage, which is highly recommended when transferring cookies. When opening the vault for the first time, you will need to create and specify a new password. It will need to be entered each time you access the storage.

Transferring cookies

The entire procedure can be divided into two main steps.

Step one - download cookies from the main computer.

Try not to forget this password, you can write it down somewhere, it will also be useful to you when saving cookies on another computer. We save the file with the extension .db in any convenient folder and with any name. After that, transfer it to another computer.

Step two is to save the cookie on another computer.

Now we will import cookies on the target device. It must also have the Cookie application installed.

Cookies will be transferred to the main storage on the new browser.

Now you can check and go to the site (from which the “cookies” came). Everything should work great and you should be able to easily access your account without entering a password. Additionally, you can increase the validity period of cookies to ensure that they are not lost in case of prolonged non-use.

How are cookies transferred in other browsers?

The article would not be fully useful if methods for transferring cookies in other popular browsers were not mentioned, because not all users use Chrome. We will look at them in less detail, because in many ways these methods are very similar to those described above, and in the case of Firefox and Opera, I personally have not tested them in practice. If you know The best way, which is much more convenient or faster, you can safely describe it in the comments.

Yandex

Here everything is similar to Chrome, we use the Cookies application and transfer the cookies according to the previously mentioned instructions.

Opera

Unfortunately, this browser cannot handle the Cookies application described here. But another extension with similar functionality was created for it - Edit this cookie. Using it, you can go to the required site and export cookies. They will be saved in a JSON file, after which they can be easily transferred to another device.

The main advantage of this extension is that you can transfer these cookies to different browsers: Opera, Chrome and Yandex. But there is also a drawback: for each cookie you will have to create a separate file, this is not very convenient if you need to save a lot of cookies at once.

Edge

At the time of writing this article, Microsoft's browser did not have the ability to transfer cookies.

Internet Explorer

Here you can save all cookies at once into one text file. To do this, press the “Alt” key, then, in the “File” menu, select “Import and Export”, then “Export to File” and finally “Cookies”. This file can be edited with regular notepad. There will be all the cookies available in the browser; if necessary, you can delete unnecessary ones. Bonus, this file can be loaded in console

– Igor (Administrator)

Cookies are small text files containing information that browsers leave on your computer. And almost every website leaves behind one or more cookies on your computer. Part of the bottom is used to quickly identify you when you return to the site, part to store intermediate data such as unfinished actions, part to store settings such as the last selected options, and so on. However, all cookies are stored separately for each browser, so if you need to change or delete them, you will usually have to open each browser individually and change the cookies. In addition, in almost all browsers, the standard cookie manager allows you to delete either all site cookies at once, or only one at a time, which is incredibly inconvenient when you just need to clear unnecessary cookies for the site. However, there is a much simpler way - this is the Cookie Spy manager program, which allows you to read and edit the cookies of most well-known browsers in one place.

Note Note: Please be aware that by default the size of data that can be used to store cookies is very limited, which may cause problems on some sites.

CookieSpy has a fairly simple and intuitive interface, as you can see in the picture above. The main feature of the program is that it allows you not only to read and edit cookies of well-known browsers such as IE, Firefox, Chome, Chomium, Safari, Opera, SeaMonkey, Comodo Dragon, Maxthon and others, but also to connect portable versions browsers and manage their cookies (the latter is done through the settings menu). CookieSpy supports the Russian language, so understanding the settings will not be difficult. All cookies are displayed in a table that supports sorting by each field, so finding the right cookies after the filter will be much easier than using standard browser managers. Another nice feature of the program is that CookieSpy allows you to delete several cookies at once. This functionality will especially appeal to those who have repeatedly faced the tedious task of deleting cookies one at a time.

You can download CookieSpy from the developer’s website using this link. The program installer weighs only about 0.5 MB and does not contain viruses, according to VirusTotal. However, you need to know that the installer downloads about 6 MB from the Internet during installation.

Note: Be careful and careful when using it, as deleting some cookies may lead to the loss of previously entered data on sites. For example, after entering the site, usually special sequences of characters are recorded in cookies, which, when you enter the site again, allow you to be immediately identified. Deleting such cookies will result in you having to log into the site again.

Now, you know how easy it is to manage cookies for all browsers from one place.

You've probably come across the term cookies while using the Internet. What it is? Essentially, cookies are a file or several small files that store text information. They are created when you visit sites that support this technology.

How do cookies work?

Everything is very simple. As soon as the browser receives a specific web page from the site, the connection between it and your PC is severed. If you decide to go to another page of the same resource or update the current one, a new connection will be established. On sites where there is no user authorization, this does not create any problems. But if it is necessary, without additional measures the resource is not able to “remember” the people visiting it and display information in accordance with the preferences of each of them. Cookies help to avoid a situation in which, when moving between different pages of a site, a person is not perceived by the service as a new, unauthorized visitor. You already know that this is text information. And cookies work very simply: when you move from one page to another, the server sends a request to the computer for the data from the cookies. Using them, he finds out who is going to perform such an action, and then, based on the information received, he grants or denies the request. Cookies are also used when creating online stores. It is thanks to them that the familiar shopping cart can exist, in which data about selected but not yet purchased goods can exist. And it is cookies that allow the specified products not to disappear from it while you are browsing other parts of the catalog and placing an order.

How are cookies useful?

You already know about several aspects of using cookies. We also managed to find out what it is. Now let's talk about what else can be useful this technology and in what cases you can’t do without it.

Surely you know that now many services have so-called “affiliate programs”. Almost all of them are long-term and last for months or even years. Throughout this period, information is stored on the hard drive, thanks to which the partner will receive his percentage if the user who follows his link orders a service or product from the seller.

When working with visit counters, rating and voting systems, cookies are also used. What does this give in this case? Cookies are necessary so that the system can determine that a given user has already followed a link or left his vote. That is, there is some kind of insurance against artificial markups. There are ways to bypass such protection, but to ordinary users this result is more than enough.

What should you be wary of?

When working with cookies, it is important to remember that in some cases, seemingly harmless text information can be dangerous.

Cookies are one of the most important potential causes of online privacy violations. Why is this happening? Advertising sites always track which advertisements a particular user views. Cookies store data about which advertisements a person has already seen and track which topics are of interest to him. And while we are talking about cookies for a single site, there is no need to talk about the leakage of personal information. But if we are talking about large advertising networks, the codes of which are present on the vast majority of resources, everything becomes more complicated. Thus, thanks to the system, it can collect almost all the information about a person’s online activities. And if he enters his first and last name on some website, it becomes possible to connect all these actions with a real person.

There are other problems associated with cookies. They are mostly encountered by programmers who write document code. cookies for different sites. Without first reading professional sources, you can allow logins and passwords for the site to be stored in cookies. As a result, it becomes very easy to seize them and use them for your own purposes. However, almost all more or less serious sites store passwords and logins in a database on the server. Cookies are used here simply as a conditional identifier for the user. Moreover, it is issued only for a short period of time. That is, even if a hacker manages to gain access to cookies, he will not find any valuable information there.

How to enable, disable and clear cookies?

If you decide to disable cookies, please note that you will have to re-enable them each time you visit a site that requires them.

For Mozilla Firefox. Go to “Tools”. Next, you should find the “Settings” item, and in it - the “Privacy” tab. Opposite Firefox, in the “History” frame, you need to select “do not remember” from the list.

For Google Chrome. Open “Options” by clicking on the button in the form. After that, go to “Advanced” -> “Content Settings”. In the window that appears, you need to select Cookie, and then check the box that prohibits sites from storing data.

As you can see, disabling or re-enabling cookies in Chrome and Mozilla Firefox, the most popular browsers, is very simple. In other browsers, this is done in the same way, using the “Security”, “Privacy”, etc. tabs.

If you need to clear cookies, it's faster and easier to do so without using standard means browser, and using special utility- cCleaner. Before cleaning, you need to close all browsers, otherwise you will not be able to delete all cookies.

But in general best option- install one of the programs that automates work with cookies. Nowadays there are a huge number of such applications, they weigh quite a lot and relieve users from the need to constantly change parameters manually.

Cookies - information in the form text file, stored on the user's computer by a website. Contains authentication data (login/password, ID, phone number, address mailbox), user settings, access status. Stored in the browser profile.

Cookie hacking is the theft (or “hijacking”) of a web resource visitor’s session. Private information becomes available not only to the sender and recipient, but also to a third party - the person who carried out the interception.

Cookie Hacking Tools and Techniques

Computer thieves, like their colleagues in real life, in addition to skills, dexterity and knowledge, of course, also have their own tools - a kind of arsenal of master keys and probes. Let's take a look at the most popular tricks hackers use to extract cookies from Internet users.

Sniffers

Special programs to monitor and analyze network traffic. Their name comes from the English verb “sniff” (sniff), because. literally “sniff out” transmitted packets between nodes.

But attackers use a sniffer to intercept session data, messages and other confidential information. The targets of their attacks are mainly unprotected networks, where cookies are sent in an open HTTP session, that is, they are practically not encrypted. (Public Wi-Fi is the most vulnerable in this regard.)

To embed a sniffer into the Internet channel between the user node and the web server, the following methods are used:

• "listening" network interfaces(hubs, switches);
• branching and copying traffic;
• connecting to a network channel gap;
• analysis through special attacks that redirect the victim’s traffic to the sniffer (MAC-spoofing, IP-spoofing).

The abbreviation XSS stands for Cross Site Scripting. Used to attack websites in order to steal user data.

The principle of XSS is as follows:

• an attacker inserts malicious code (a special disguised script) into a web page of a website, forum, or into a message (for example, when corresponding on a social network);
• the victim visits the infected page and activates installed code on your PC (clicks, follows a link, etc.);
• in turn, the executed malicious code “extracts” the user’s confidential data from the browser (in particular, cookies) and sends it to the attacker’s web server.

In order to “implant” a software XSS mechanism, hackers use all sorts of vulnerabilities in web servers, online services and browsers.

All XSS vulnerabilities are divided into two types:

• Passive. The attack is obtained by requesting a specific script on a web page. Malicious code can be injected into various forms on a web page (for example, into a site's search bar). The most susceptible to passive XSS are resources that do not filter HTML tags when data arrives;
• Active. Located directly on the server. And they are activated in the victim’s browser. They are actively used by scammers in all kinds of blogs, chats and news feeds.

Hackers carefully “camouflage” their XSS scripts so that the victim does not suspect anything. They change the file extension, pass off the code as an image, motivate them to follow the link, and attract them with interesting content. As a result: a PC user, unable to control his own curiosity, with his own hand (with a mouse click) sends session cookies (with login and password!) to the author of the XSS script - the computer villain.

Cookie substitution

All cookies are saved and sent to the web server (from which they “came”) without any changes - in their original form - with the same values, strings and other data. Deliberate modification of their parameters is called cookie substitution. In other words, when replacing cookies, the attacker pretends to be wishful thinking. For example, when making a payment in an online store, the cookie changes the payment amount downwards - thus, “saving” on purchases occurs.

Stolen session cookies on a social network from someone else’s account are “inserted” into another session and on another PC. The owner of the stolen cookies receives full access to the victim’s account (correspondence, content, page settings) until she is on her page.

“Editing” cookies is carried out using:

• “Manage cookies...” functions in the Opera browser;
• Cookies Manager and Advanced Cookie Manager addons for FireFox;
• IECookiesView utilities (only for Internet Explorer);
• text editor like AkelPad, NotePad or Windows Notepad.

Physical access to data

Very simple circuit implementation consists of several steps. But it is effective only if the victim’s computer with an open session, for example VKontakte, is left unattended (and for a long time!):

1. Enter into the address bar of the browser javascript function, displaying all saved cookies.
2. After pressing “ENTER” they all appear on the page.
3. Cookies are copied, saved to a file, and then transferred to a flash drive.
4. On another PC, cookies are replaced in a new session.
5. Access to the victim's account is granted.

As a rule, hackers use the above tools (+ others) both in combination (since the level of protection on many web resources is quite high) and separately (when users are excessively naive).

XSS + sniffer

1. An XSS script is created, which specifies the address of an online sniffer (either home-made or a specific service).
2. The malicious code is saved with the extension .img (image format).
3. This file is then uploaded to a website page, chat, or personal message - where the attack will be carried out.
4. The user's attention is drawn to the created “trap” (this is where social engineering comes into force).
5. If the trap is triggered, the cookies from the victim's browser are intercepted by the sniffer.
6. The attacker opens the sniffer logs and retrieves the stolen cookies.
7. Next, it performs a substitution to obtain the rights of the account owner using the above tools.

Protecting cookies from hacking

1. Use an encrypted connection (using appropriate protocols and security methods).
2. Do not respond to dubious links, pictures, or tempting offers to familiarize yourself with “new free software.” Especially from strangers.
3. Use only trusted web resources.
4. End the authorized session by clicking the “Logout” button (not just closing the tab!). Especially if you logged into your account not from a personal computer, but, for example, from a PC in an Internet cafe.
5. Do not use the browser's "Save Password" feature. Stored registration data increases the risk of theft significantly. Don't be lazy, don't waste a few minutes of time entering your password and login at the beginning of each session.
6. After web surfing - visiting social networks, forums, chats, websites - delete saved cookies and clear the browser cache.
7. Regularly update browsers and antivirus software.
8. Use browser extensions that protect against XSS attacks (for example, NoScript for FF and Google Chrome).
9. Periodically in accounts.

And most importantly, do not lose vigilance and attention while relaxing or working on the Internet!