A Blonde Joke
One day, a blonde named Sally was putting together a puzzle. She was really stumped and very frustrated, so she decided to ask her husband for help.
"It's supposed to be a tiger!" Sally cried.
"Honey," said Dan, "put the Frosted Flakes back in the box!"
Time for a cookie hack
THIS IS FOR EDUCATIONAL PURPOSES FOR DEVELOPERS AND I AM NOT RESPONSIBLE FOR ANYTHING YOU GET IN TROUBLE FOR! THIS SHOWS YOU WHY YOU CANNOT RELY ON JAVASCRIPT!
Cookies are small name=value strings that a site stores in your browser and that the browser sends back with every request to that site. Sites put all sorts of things in them, important and unimportant: anything from user names and passwords to the last time you visited to which pages you looked at.
There are plenty of exploits possible here if the page is not coded properly. Many forums can be hacked if they allow HTML in posts: a password-harvesting script (what is now called stored cross-site scripting) is easy to plant, and all it has to do is read document.cookie, exactly as the one-liners below do, and send the result somewhere.
Now how does it work? I thought you could not see cookies from other domains on your own site. That is true, but it is easy to get around; I will let you figure that part out and just show you the tricks of the trade.
The address bar is your friend if you want to see what a cookie is holding on any site. You access the cookie through the document object. For all the examples I will use an alert to show the cookie instead of document.write, so you do not have to keep reloading the page. (Modern browsers strip the javascript: prefix when you paste it into the address bar; type the expression inside the alert() into the browser's developer-tools console instead and you get the same result.)
The first step is to see the cookie code stored on your computer. Go to any site that sets cookies. (I ran all of my code at Hotmail to see what they had going on there. I would post screenshots, but I do not want to give away my Hotmail info!)
javascript:alert(document.cookie)

This alerts the raw, unformatted contents of the cookie. To make sense of it we have to unescape it. (Basic idea: escaping replaces special characters with %XX codes so the browser can store the value without problems; unescaping turns the codes back into the characters you can read. unescape() is deprecated but still works in every browser; decodeURIComponent() is the modern equivalent, though it throws on a malformed sequence where unescape() just leaves it alone.)

javascript:alert(unescape(document.cookie))

Now you should be able to read it, but it is still one long jumbled line, so we need to space it out a bit. For this I use a regular expression to replace each semicolon (and the space after it) with two line breaks. (If you are using document.write, replace them with HTML <br> tags instead.)

javascript:alert(unescape(document.cookie).replace(/;\s*/g,"\n\n"))

Looking at the output I still see escaped information inside some of the strings, so I unescape the result a second time.

javascript:alert(unescape(unescape(document.cookie)).replace(/;\s*/g,"\n\n"))

What is left is a formatted list of name=value strings. Here the values are opaque (encrypted or otherwise encoded), but you will find that not every site obscures its cookie values at all. And if the obscuring is done in client-side JavaScript rather than on the server, the routine and any key it uses are sitting in the page source, where anyone can read them and reverse the process. Only what happens on the server is hidden from the client.
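Here is the same procedure as a reusable cookie dumper. This is an added example, not code from the original post: it replaces the deprecated unescape() with decodeURIComponent(), splits each cookie on the first "=" only, keeps decoding a value until it stops changing (the "unescape it again" step above), and formats one cookie per line for alert(). The sample cookie string is constructed here so the code also runs outside a browser; the function names are this example's own.

```javascript
// Added example (not from the original post): a reusable version of the
// javascript: one-liners above. Runs in a browser console or in Node.

// Constructed sample cookie string standing in for document.cookie.
const SAMPLE_COOKIE =
  "sid=abc123; theme=dark; profile=name%3DSally%26lang%3Den; " +
  "last=Mon%2C%2001%20Jan; nested=%2520double%2520encoded";

// Decode one %XX-encoded string. decodeURIComponent() throws on a malformed
// sequence (e.g. a lone "%"), where the old unescape() silently left it alone,
// so fall back to the raw string in that case.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

// Decode repeatedly until the string stops changing. This is the "unescape the
// string again" step for values that were encoded twice. It is an inspection
// heuristic: a value that legitimately contains "%20" would also be decoded.
function fullyDecode(s, maxRounds = 3) {
  let out = s;
  for (let i = 0; i < maxRounds; i++) {
    const next = safeDecode(out);
    if (next === out) return out;
    out = next;
  }
  return out;
}

// Parse "a=1; b=2" into an object. Split on the first "=" only, since a value
// (like profile= above) may itself contain "=" once decoded.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(";")) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf("=");
    const name = eq === -1 ? trimmed : trimmed.slice(0, eq);
    const value = eq === -1 ? "" : trimmed.slice(eq + 1);
    jar[name] = fullyDecode(value);
  }
  return jar;
}

// One cookie per line, separated by blank lines, ready for alert().
function formatCookies(cookieString) {
  return Object.entries(parseCookies(cookieString))
    .map(([k, v]) => `${k} = ${v}`)
    .join("\n\n");
}

// Use the real cookie in a browser, the constructed sample elsewhere.
const source = typeof document !== "undefined" ? document.cookie : SAMPLE_COOKIE;
console.log(formatCookies(source));
```

In a browser the last line is the equivalent of alert(formatCookies(document.cookie)). Note that anything a site set with the HttpOnly flag never appears in document.cookie at all, which is exactly why that flag matters.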
So, for the developers, how do you protect yourself? Never put secrets like passwords in a cookie, and do not trust "encryption" done in JavaScript, because the client has the code. Keep the real data on the server side and give the browser nothing but a random session identifier; mark that cookie HttpOnly so document.cookie cannot read it, and Secure so it only travels over HTTPS.
Search through my blog to find other posts dealing with hacking with the browser!
Eric Pascarello HTML/JavaScript moderator at JavaRanch.com