Network Security Series-17 cookie injection (burpsuite + pangolin)

Source: Internet
Author: User

On the web page, there are three data submission methods: Get, post, and cookie. Traditional injection commands such as "and 1 = 1" are added after the injection point, which belongs to the get submission method. Many websites only use the get Method for filtering, which provides an opportunity for Cookie injection.

In previous blog posts, we have introduced cookie injection through injection transfer. In order to better understand cookie injection, we use burpsuite to capture packets and use pangolin for Cookie injection. We still use the previously established lab environment. The target website uses the southern data 5.0 template, the target server IP address 192.168.80.129, And the hacker Host IP address 192.168.80.128.

 

Burp suite is a powerful comprehensive web attack platform, which is also complicated to use. Here it mainly uses its packet capture function. Software: http://down.51cto.com/data/1889494,Burp suite runs based on a Java environment, so you also need to install Java in the hacker host.

Open the target website and set the local host as a proxy server in the browser. The port number is 8080. In this way, all data sent to the Internet through a browser will be intercepted by burp suite.

650) This. width = 650; "Title =" 1.jpg" alt = "wkiol1rs873ianvuaad2fusge3c297.jpg" src = "http://s3.51cto.com/wyfs02/M02/4D/89/wKioL1RS873iANvuAAD2fUSge3c297.jpg"/>

When a webpage is opened, the data is intercepted by burpsuite and can be seen from the intercepted data, "? Id = 25.

650) This. width = 650; "Title =" 2.jpg" alt = "wKiom1RS82-yTdzVAAHhbiJmksk150.jpg" src = "http://s3.51cto.com/wyfs02/M00/4D/8A/wKiom1RS82-yTdzVAAHhbiJmksk150.jpg"/>

Click forward to forward the data and open the webpage normally. Add "and 1 = 1" and other injection statements in the address bar. Press enter and the data is intercepted by burpsuite again.

650) This. width = 650; "Title =" 3.jpg" alt = "wkiol1rs89prx9ueaaexsyqeiqe123.jpg" src = "http://s3.51cto.com/wyfs02/M02/4D/89/wKioL1RS89PRX9UeAAEXsYQeIqE123.jpg"/>

From the intercepted data, we can see that the data submitted by get is converted into the injection statement we just entered.

650) This. width = 650; "Title =" 4.jpg" alt = "wkiol1rs89_yzeqwaaiynttlq3i962.jpg" src = "http://s3.51cto.com/wyfs02/M00/4D/89/wKioL1RS89_yZEqWAAIynTTLQ3I962.jpg"/>

After understanding the principles of data submission, we will use the tool "pangolin" to inject cookies.

Run pangolin, copy the URL of the injection point to the URL bar, and click the check button on the toolbar. pangolin can automatically determine that the injection type is Cookie injection (if the injection fails to be detected, you can try several more URLs ),

650) This. width = 650; "Title =" 5.jpg" alt = "wKioL1RS8-vAqMlOAAISK1LtwRI018.jpg" src = "http://s3.51cto.com/wyfs02/M01/4D/89/wKioL1RS8-vAqMlOAAISK1LtwRI018.jpg"/>

Then, click "Get Data"-> "Get table" to display the tables contained in the database. We are concerned with the "admin" table.

650) This. width = 650; "Title =" 6.jpg" alt = "wkiom1rs85rax7shaaismhw6wne931.jpg" src = "http://s3.51cto.com/wyfs02/M01/4D/8A/wKiom1RS85rAX7ShAAISmHw6WNE931.jpg"/>

Select the "admin" table and click "retrieve". The fields in the table are displayed.

650) This. width = 650; "Title =" 7.jpg" alt = "wkiom1rs86ozwibkaaiijci91t4901.jpg" src = "http://s3.51cto.com/wyfs02/M02/4D/8A/wKiom1RS86OzWIBKAAIijCI91T4901.jpg"/>

Select the password and username fields and click get data in the right window. the user name and password are displayed.

650) This. width = 650; "Title =" 8.jpg" alt = "wkiom1rs87dc8kuiaajkz2jjo4g404.jpg" src = "http://s3.51cto.com/wyfs02/M00/4D/8A/wKiom1RS87DC8KUIAAJkZ2Jjo4g404.jpg"/>

This article is from the "one pot of turbidity wine" blog. For more information, please contact the author!

Network Security Series-17 cookie injection (burpsuite + pangolin)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.