How do you log into a victim's account using their session token?



    • 515
    • 4

    0
    Hi hackers,

    I found an XSS vulnerability in a site that allows me to steal session tokens from users. I realize that I can use these session tokens to authenticate as the victim. However, when I connect to the site through Burp in another browser, I have to change the cookie in a LOT of requests, and it is very tedious. How do black hats do this in practice? Isn't there a faster way to use a victim's session token to authenticate as them?

    I'd also like to note that I have not exploited this vulnerability on an account that wasn't my own and I have no intention to.
Viewing 6 replies - 1 through 6 (of 6 total)
  • feuerstein

    • 13160
    • 576

    0
    You could write your own proxy to automate this.

    You have to be smart to be lazy
  • jepwei

    • 515
    • 4

    0
    Fair enough. I just feel like there should be some tool or browser extension with this functionality.
  • feuerstein

    • 13160
    • 576

    0
    I don't know of any. I would maybe make my own if I needed it a couple of times.
  • dloser

    • 13210
    • 1494

    2
    If only there was a way to make a browser use a cookie...
  • feuerstein

    • 13160
    • 576

    0
    dloser wrote: If only there was a way to make a browser use a cookie...

    hahahaha, good one
  • dimooz

    • 13085
    • 860

    0
    dloser wrote: If only there was a way to make a browser use a cookie...

    feuerstein wrote: hahahaha, good one
    +1