Essential Security Engineer skill: Cookie Spoofing

You can learn this article

1. How hackers use Cookies to cheat them to gain management Permissions

2. How to Prevent hackers from using Cookies to cheat
★Software Archive

IECookiesView

Software function: This function is used to manage ie Cookies. You can view, modify, and delete Cookies, even if you are not familiar with Cookies!

Software size: 1407KB

Software authorization: free version

Software language: Simplified Chinese

Running Environment: Win9x/Me/NT/2000/XP/2003

: Http://down1.tech.sina.com.cn/download/downContent/2004-03-16/6556.shtml

★Important knowledge points in this article

1. What is Cookies?

Cookies are small texts stored in the browser directory. They record the information you visit a specific site and can only be read back by the site. Most of the information stored in Cookies is common, such as the key information and the address of the accessed site. However, many websites use Cookies to store private data, such as registration passwords, user names, and credit card numbers.

2. What is Cookie spoofing?

Modify the cookies to obtain the corresponding user permissions for logon.

3. Cookie storage path

Open IE, click "tools-> Internet Options", and click "Settings-> View Files" to list all Temporary Internet Files. Click "Internet address" to sort, and a bunch of text files are displayed. Their names are like "cookies: username @ hostname ". "Hostname" is the website domain name (such as 163.com) (1), and "username" is the Windows user name used to access the website.

Figure 1 cookies

Attack!

Skills: how hackers use Cookies to cheat.

Case

Date: January 1, December 11

Location: well-known NBA sports forum in China

Event: On the morning of the same day, when the NBA was playing, www.nbaxxbbs.com forum administrator Han Xiaohan found that a strange user had the foreground management permission and deleted many excellent posts on the forum, this results in serious loss of popularity! Han is very worried.

After one morning's analysis, Han found that the server permissions were not lost, which puzzled him. How did he lose the Forum permissions? To this end, he sent an email to the Information Security Center.

The next day, Liu Zhen, an Information Security Center engineer, checked the Forum server after listening to Xiao Han's description. He basically confirmed that hackers were using Cookies to cheat and obtained the management permissions of the Forum.