Hackers teach you how to crack Session cookies

CommentsThe so-called session cookie means that after you log on to the platform successfully, a cookie is sent, indicating that you have passed the verification, but unlike the general cookie, the cookie will not exist on your hard disk. That is to say, it will disappear after you leave the browser, that is, the cookie will disappear when you re-open the browser next time and then enter the site. So, how to make the so-called session cookie, that is, after you log on to the platform successfully, send a cookie, indicating that you have passed the verification, but unlike the general cookie, the cookie will not exist on your hard disk. That is to say, it will disappear after you leave the browser, that is, the cookie will disappear when you re-open the browser next time and then enter the site. So how can we make this cookie always valid? It's been too long.
Let's keep it for 50 years... the following is a code snippet:
Set win = external. menuArguments
S = win.doc ument. cookie
For each I in split (s ,";")
Document. cookie = I & "; expires = Thu, 1 Jan 2099 UTC"
The next principle is simple: Read the session cookie, and then set the expire date to a dozen years later. Is this easy to use?
1. some platforms use session cookies, so that you can only download them using IE, instead of using flashget (because flashget cannot catch session cookies, you can use flashget and nettransport to catch these platforms.
2. for platforms such as holio, login is run once, and then login-free, without verification, directly accessing the webpage (validity period depends on asp session, generally about 1 day)
3. crack some simple websites, such as softking (with unregistered users, you can only query three times, otherwise you have to turn off the unreasonable restrictions of the browser). After a softking operation, the cookie record will always be "check, softview = 1 .. that is to say, no matter how many times you query, the sent cookie value will always be 1, causing the cancellation of browsing restrictions.
4. Do I have to log on to the forum because the Cookie retention period provided by the Forum is not long enough? Add yourself to 50 years ..
5. The attacker needs to manually enter the front door of the gif number seen on the screen (only manually input once, save the cookie, and perform brute force cracking). How can he run this program?
##################
[General Usage: Applicable to IE, Sleipnir, MyIE2, all browsers]
Right-click IE (that is, when you are running FlashGET to capture a file, right-click the file, and choose download, that is, right-click IE)
Run the following program in c: \ winnt \ web \ pcookie.htm:
<Script language = "VBScript">
Set win = external. menuArguments
Set doc=win.doc ument
S = doc. cookie
For each I in split (s ,";")
Doc. cookie = I & "; expires = Thu, 1 Jan 2099 UTC"
Next
</Script> ---------------------------------------
Then, put the following REG into c: \ winnt \ web \ pcookie. reg
--------------------------------------- The following is a code snippet:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ MenuExt \ (& P) cookie]
@ = "C:/winnt/web/pcookie.htm"
"Contexts" = dword: 000000ff
------------------------------------- Execute the reg file, and re-open IE, you can right-click IE, #################### [dedicated for Sleipnir]
At the top of the URL bar, there is a green arrow on the right, that is, AddrMenu. Click Next and select "Edit extended menu 」
In AddrMenu. INI, add the row at the bottom (the following three rows need to be connected to one row )---------------------------------------
The following is a code snippet:
(& P) cookie | javascript: var ar = document. cookie. split (";");
For (I = 0; I <ar. length; I) {document. cookie = ar
"; Expires = Thu, 1 Jan 2099 UTC" ;}; eval ()