Web application security - the fast guide 1.1 | Page 89

Chapter 5 - Attack Execution the client
5.3 Altering cookies
[Diagram labels: Send a request to server; Intercept request with Burp; Send a response with legitimate; Alter and retransmit; Write altered cookie on the client; Send altered cookie with privileged value to server; Send a privileged response]
This type of attack focuses on altering the content of a cookie. Cookies are text-based files stored by the server on clients' machines.
Attack requirement:
A. Existence of a cookie used to store state information.
B. The cookie is used directly without being checked by the server.

Attack process:
C. Using a proxy, capture the request or the response that writes the cookie.
D. Alter the cookie value after intercepting the request or response.
E. Release the altered request or response.
Example:
HTTP/1.1 200 OK
Set-Cookie: DiscountType=3
Content-Length: 1230
………
Figure 30: Cookie alter attack
The previous listing shows part of a response containing a cookie named DiscountType, which will be written to the client and used in the next request for purchasing a service. Using a proxy tool such as Burp Proxy, set up the proxy to intercept the response, rewrite the value of this cookie to point to a different discount type, and pass it to the browser, as follows:
A. In the Intercept tab, forward the request by clicking the Forward button.
B. On receiving the response, edit the discount type using the message editor.
C. Forward the altered message to the browser so that the cookie is written to your machine.
D. The next request to the same site will carry the altered cookie and will cause the discount type to change.
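Requirement B above is the condition a server can remove. The following is an added example, not code from the guide: it contrasts a handler that trusts DiscountType as received with one that verifies a server-side HMAC tag bound to the session. The key, the function names, the session ids and the discount table are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: discount type -> percentage off.
DISCOUNTS = {"1": 0, "2": 10, "3": 25, "9": 100}


def discount_trusting(cookie_value):
    """Vulnerable pattern: the cookie value is used directly (requirement B)."""
    return DISCOUNTS.get(cookie_value, 0)


def _tag(discount_type, session_id):
    msg = f"{session_id}|{discount_type}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(discount_type, session_id):
    """Return 'value.tag'; the tag binds the value to one session."""
    return f"{discount_type}.{_tag(discount_type, session_id)}"


def discount_verified(cookie_value, session_id):
    """Hardened pattern: recompute the tag and reject any mismatch."""
    value, sep, tag = cookie_value.rpartition(".")
    if not sep:
        return None  # unsigned cookie: reject
    expected = _tag(value, session_id)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # value or tag was altered after the server issued it
    return DISCOUNTS.get(value, 0)


if __name__ == "__main__":
    cookie = issue_cookie("3", "sess-A")         # what Set-Cookie would carry
    altered = "9" + cookie[1:]                   # value rewritten in a proxy
    print(discount_trusting("9"))                # 100: altered value accepted
    print(discount_verified(cookie, "sess-A"))   # 25
    print(discount_verified(altered, "sess-A"))  # None: alteration detected
    print(discount_verified(cookie, "sess-B"))   # None: wrong session
```

Keeping the discount type in server-side session state instead of a cookie removes the need for the tag altogether.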