Web application security - the fast guide 1.1 | Page 89

Chapter 5 - Attack Execution the client | Page 89
5.3 Altering cookies
[Figure: attack flow diagram. Labels: Send a request to server; Intercept request with Burp; Send a response with legitimate; Alter and retransmit; Write altered cookie on the client; Send altered cookie with privileged value to server; Send a privileged response]
This type of attack focuses on altering the content of a cookie. Cookies are text-based files stored by the server on clients' machines.
Attack requirements:
A. A cookie exists that is used to store state information.
B. The server uses the cookie directly without checking it.

Attack process:
C. Using a proxy, capture the request or the response that writes the cookie.
D. Alter the cookie value after intercepting the request or response.
E. Release the altered request or response.
Example:

    HTTP/1.1 200 OK
    Set-Cookie: DiscountType=3
    Content-Length: 1230
    ………

Figure 30: Cookie alter attack
The previous listing represents part of a response containing a cookie named (DiscountType) that will be written to the client and used in the next request for purchasing a service. Using a proxy tool like (Burp Proxy), set up the proxy to intercept the response, rewrite the value of this cookie to point to a different discount type, and pass it to the browser:
A. Using the Intercept tab, forward the request by clicking the Forward button.
B. On receiving the response, edit the discount type using the message editor.
C. Forward the altered message to the browser to write the cookie to your machine.
D. The next request to the same site will hold the altered cookie and will cause the discount type to change.
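Requirement B is the one the server controls: the attack only works when the cookie is trusted without a check. The following added example (not from the guide) shows one such check, an HMAC over the cookie name and value that the server verifies before using DiscountType. The key, the function names, the `value.signature` format and the fallback value "0" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret generated and kept on the server only (constructed here).
SECRET_KEY = secrets.token_bytes(32)


def _mac(name: str, value: str, key: bytes) -> str:
    # Binding the cookie name stops a signed value from another cookie being reused.
    return hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.signature' to place after 'name=' in Set-Cookie."""
    return f"{value}.{_mac(name, value, key)}"


def verify_cookie(name: str, cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the signature matches, otherwise None."""
    value, sep, mac = cookie.rpartition(".")
    if not sep:
        return None  # unsigned cookie, e.g. a bare "3": reject
    expected = _mac(name, value, key)
    # Compare as bytes in constant time; also tolerates non-ASCII input.
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return value
    return None


def discount_for_request(cookie_value: str) -> str:
    """Server-side use of the cookie: no discount when verification fails."""
    value = verify_cookie("DiscountType", cookie_value)
    return value if value is not None else "0"  # "0" = no discount (assumed)


if __name__ == "__main__":
    issued = sign_cookie("DiscountType", "3")
    print("Set-Cookie: DiscountType=" + issued)
    # Constructed sample: value rewritten in a proxy, original signature kept.
    tampered = "9." + issued.split(".", 1)[1]
    print(discount_for_request(issued))    # 3
    print(discount_for_request(tampered))  # 0
```

Signing detects modification but not replay of a previously issued valid cookie; keeping the discount type in server-side session state removes the cookie from the decision entirely.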