How do you log into a victim's account using their session token?

jepwei
4 years ago

0

Hi hackers,

I found an XSS vulnerability in a site that allows me to steal session tokens from users. I realize that I can use these session tokens to authenticate as the victim. However, when I connect to the site through Burp in another browser, I have to change the cookie in a LOT of requests, and it is very tedious. How do black hats do this in practice? Isn’t there a faster way to use a victim’s session token to authenticate as them?

I’d also like to note that I have not exploited this vulnerability on an account that wasn’t my own and I have no intention to.

6replies
4voices
243views
fred [feuerstein]
4 years ago | edited 4 years ago

0

You could write your own proxy to do this automated

You have to be smart to be lazy

jepwei
4 years ago

0

Fair enough. I just feel like there should be some tool or browser extension with this functionality.

fred [feuerstein]
4 years ago

0

I don’t know none. Would make my own maybe if I need it a couple of times

dloser
4 years ago

2

If only there was a way to make a browser use a cookie…

fred [feuerstein]
4 years ago

0

[quote=dloser]If only there was a way to make a browser use a cookie…[/quote]

hahahaha, good one :D

dimooz
4 years ago | edited 4 years ago

0

[quote=feuerstein]
[quote=dloser]If only there was a way to make a browser use a cookie… [/quote]

hahahaha, good one
[/quote]
+1

You must be logged in to reply to this discussion. Login
1 of 7

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss