Method for cracking Session cookies

Method for cracking Session cookies

The acquired session cookie is after you successfully log on to the website,
Send a cookie, indicating that you have passed the certificate,
The difference is that it will not exist on your hard drive, that is:
It will disappear after you open the connector, that is, the next time you re-open it
Attackers can access this site again. This cookie is no longer seen.

So, how can we make this cookie always valid? It's been a long time
We will not change in the next 50 years...

Set win = external. menuArguments
S = win.doc ument. cookie
For each I in split (s ,";")
Document. cookie = I & "; expires = Thu, 1 Jan 2099 UTC"
Next
The principle is very simple: the session cookie is sent out, and then his expire date,
After setting it to ten years later, it will be so simple ..

How to use this service?
1. Some platforms use session cookies, so that you can only use IE for offline failover, rather than flash get for capturing
(Because flashget cannot catch the session cookie), you can use this program to break these platforms.
Use flashget and nettransport directly.
2. For platforms like holio, if you run login once, you can log on without a license,
Directly into the network, (time effect, depending on asp session, usually about 1 day)
3. Crack some stand-alone websites, such as softking. (If you have not found any website, you can only query the website three times. Otherwise, you must disable it.
Unreasonable restrictions on the reuse of the receiver) after a softking operation, the cookie will always be
Check, softview = 1 .. That is to say, no matter how many times you check the token, the sent cookie value is always 1
This cancels the quota limit.
4. Do I have to discuss whether the Cookie retention period is too long? Add yourself to 50 years ..
5. The attacker needs to manually copy the gif data that is displayed on the screen (only once, the cookie is saved, and brute-force cracking is performed)

Okay. How can I run this program?
##################
[General Usage: using IE, Sleipnir, MyIE2, all uploaders]
Add the IE Mouse to the right mouse (that is, when you want to run FlashGET to capture the mouse, press the mouse to the right, and then select the mouse, that is, IE Mouse to the right)
Put the following program in c: \ winnt \ web \ pcookie.htm
---------------------------------------
<Script language = "VBScript">
Set win = external. menuArguments
Set doc=win.doc ument
S = doc. cookie
For each I in split (s ,";")
Doc. cookie = I & "; expires = Thu, 1 Jan 2099 UTC"
Next
</Script>
---------------------------------------
The following REG has c: \ winnt \ web \ pcookie. reg.
---------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ MenuExt \ (& P) cookie]
@ = "C:/winnt/web/pcookie.htm"
"Contexts" = dword: 000000ff
---------------------------------------
Repeat the line reg later, and then re-open IE, you can use it in the right pane of the IE Mouse.

##################

[Used for Sleipnir indexing]
At the top of the page, there is a highlighted arrow on the right side, that is, AddrMenu. Click Next and choose "extend orders 」
In AddrMenu. INI, add this line to the bottom line (the following three rows must be merged into one row)
---------------------------------------
(& P) cookie | javascript: var ar = document. cookie. split (";");
For (I = 0; I <ar. length; I ++) {document. cookie = ar +
"; Expires = Thu, 1 Jan 2099 UTC" ;}; eval ()
---------------------------------------
After you modify the Save token, select "re-submit extended options" to use it ..