First run the Wireshark on the target a machine and open the browser, turn off other network-occupied software before opening, here I take 51cto.com to do the test.
Normal login 51CTO User Center, use at this time
Http.cookie and Http.request.method==post
The syntax filters the packets captured by the Wireshark.
, expand the Hypertext Transfer Protocol item to view the cookie information that was captured and copy it as plain text.
Log in to the B machine below and use the Firefox or Chrome plugin to make use of the captured cookie information.
Browser |
Plug - ins |
Firefox |
Plugin http://userscripts-mirror.org/scripts/show/119798 Extension Script Https://addons.mozilla.org/zh-CN/firefox/addon/greasemonkey/?src=search |
Chrome |
Plugin Https://github.com/evilcos/cookiehacker |
Firefox Please install the original Cookie injector plugin before installing the Greasemonkey extension script.
Restart the browser after installing the plugin, then press Alt+c in Firefox to bring up the input cookie Information window. Paste the cookie information we just captured and click OK, and we can see the plugin prompt that we have successfully written the cookie information. Chrome browser operation is similar, is the cosine write Cookiehacker plug-in, the same is alt+c to paste the cookie information, and then click Inject cookies to use. Finally we refresh the browser, we can find that we have successfully landed the test account, the cookie was successfully hijacked.
Cookie hijacking via Wireshark capture packet