December 6, 2016

Cookie Bruteforcing

What is cookie bruteforcing?
Cracking the authentication cookie sent in the HTTP request instead of the password on the login page directly.

What makes cookie bruteforcing better than password bruteforcing?
– can bypass 2-step verification, since most sessions assume you’ve already been authenticated
– in password bruting the username may lock out after a few tries and you have to wait for the cooldown period to end before bruting that username again; in cookie bruting you have unlimited tries as long as the cookie never gets invalidated.
– don’t need a username when cookie bruting: a hit authenticates you into a session, and you can see the username and everything else in the profile settings, depending on what site you’re targeting.
– will only take months, not years, to hit something; WordPress was an example of a CMS that used to be vulnerable to cookie bruting and session invalidation problems.
– just like password bruting, you can distribute the workload across multiple servers using cloud computing, parallel processing, etc.

Combining session invalidation problems with this = efficient cookie bruting. I wouldn’t recommend trying it unless you know the sessions don’t get invalidated on a site. I also don’t recommend doing this unless you have a lot of servers or have the ability to run tons of threads if multithreading. I’ve gotten a lot of emails on a certain email provider with this technique back when this certain email provider had session invalidation issues, running a script on a VPS, but I was able to bring the entropy down a lot because I figured out a pattern in the cookies. Sometimes you can’t bring down the entropy, so it’s a waiting game most of the time; since a lot of sites have tons of users, you’re guaranteed to hit something eventually.
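The post identifies the three things that make cookie bruting feasible: guessable (low-entropy or patterned) session identifiers, sessions that are never invalidated, and the absence of any lockout because no login endpoint is involved. The following is an added example (not the author's code, and not taken from any of the sites mentioned) showing the defender's side of each point in Python: session tokens drawn from the OS CSPRNG, a server-side store that can invalidate every session for a user, and a detector that counts rejected session cookies per source address, since cookie guessing never shows up as a failed login. The log format, IP addresses and paths are constructed for the example.

```python
"""Defensive counterpart to session-cookie brute forcing (illustrative code)."""
import re
import secrets
from collections import defaultdict

# 32 random bytes = 256 bits: guessing one valid token out of a space this large
# is infeasible however many servers or threads the guesser has.
TOKEN_BYTES = 32


def new_session_token() -> str:
    """Generate a session identifier from the OS CSPRNG (Python's secrets module).

    token_urlsafe(32) yields 43 URL-safe characters with no visible structure,
    unlike counter-, timestamp- or username-derived cookies that can be narrowed down.
    """
    return secrets.token_urlsafe(TOKEN_BYTES)


class SessionStore:
    """Minimal in-memory server-side session store (hypothetical, for illustration).

    Keeping the authoritative state on the server means a session can be revoked:
    a stolen or guessed cookie stops working the moment the session is invalidated.
    """

    def __init__(self):
        self._sessions = {}               # token -> username
        self._by_user = defaultdict(set)  # username -> set of live tokens

    def create(self, username: str) -> str:
        token = new_session_token()
        self._sessions[token] = username
        self._by_user[username].add(token)
        return token

    def lookup(self, token: str):
        """Return the username for a live token, or None if the cookie is unknown."""
        return self._sessions.get(token)

    def invalidate(self, token: str) -> bool:
        """Revoke a single session (logout). Returns True if it was live."""
        user = self._sessions.pop(token, None)
        if user is not None:
            self._by_user[user].discard(token)
        return user is not None

    def invalidate_user(self, username: str) -> int:
        """Revoke every session for a user (password change, 'log out everywhere').
        Returns the number of sessions dropped."""
        tokens = self._by_user.pop(username, set())
        for token in tokens:
            self._sessions.pop(token, None)
        return len(tokens)


# Constructed access-log format: timestamp, client IP, path, and whether the
# presented session cookie matched a live session. This is an assumed format,
# not any particular web server's.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<path>\S+) session=(?P<result>valid|invalid)$"
)


def detect_cookie_bruteforce(lines, threshold: int = 5) -> dict:
    """Count requests per source IP whose session cookie was rejected.

    Password guessing surfaces as failed logins; cookie guessing surfaces as a
    stream of unknown session cookies on ordinary authenticated paths with no
    login attempt at all, so that is the event to count. Returns
    {ip: rejected_count} for every IP at or above the threshold.
    """
    rejected = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["result"] == "invalid":
            rejected[m["ip"]] += 1
    return {ip: n for ip, n in rejected.items() if n >= threshold}


# Constructed sample log: one address presenting six unknown cookies in a row,
# one legitimate user with a valid cookie, and a single stale-cookie request.
SAMPLE_LOG = [
    "2016-12-06T10:00:01Z 203.0.113.7 /inbox session=invalid",
    "2016-12-06T10:00:01Z 203.0.113.7 /inbox session=invalid",
    "2016-12-06T10:00:02Z 198.51.100.2 /inbox session=valid",
    "2016-12-06T10:00:02Z 203.0.113.7 /inbox session=invalid",
    "2016-12-06T10:00:02Z 203.0.113.7 /inbox session=invalid",
    "2016-12-06T10:00:03Z 198.51.100.9 /settings session=invalid",
    "2016-12-06T10:00:03Z 203.0.113.7 /inbox session=invalid",
    "2016-12-06T10:00:04Z 203.0.113.7 /inbox session=invalid",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    store = SessionStore()
    t = store.create("alice")
    print("lookup:", store.lookup(t), "| dropped:", store.invalidate_user("alice"))
    print("flagged:", detect_cookie_bruteforce(SAMPLE_LOG))
```

The threshold of five rejected cookies is an arbitrary constructed value; in practice a legitimate client presents an expired cookie once and then logs in, so a source that keeps presenting unknown cookies without ever hitting the login page is the pattern worth alerting on, and rate-limiting unknown-cookie requests per source removes the "unlimited tries" advantage the post describes.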

