O'Reilly logo

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Obtaining session cookies through XSS

We have already talked about Cross Site Scripting (XSS), it is one of the most common web attacks nowadays. XSS can be used to trick the users to provide credentials by simulating login pages, to gather information by executing client-side commands, or to hijack sessions by obtaining session cookies and impersonating their legitimate owners in the attacker's browsers.

In this recipe, we will take advantage of a persistent XSS vulnerability to obtain the session cookie of a user and then use that cookie to hijack the session by implanting it in another browser, and then executing actions impersonating the user.

Getting ready

For this recipe, we will set up a web server that will act as our cookie gatherer; so, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required