Jump to content
vorella2015

Cum pot obtine cookie de la orice site ?

By vorella2015, in Exploituri

Recommended Posts

u0m3 Newbie

u0m3

Posted
Posted
1 minute ago, vorella2015 said:

Da , am cautat , nu stiu ce sa cred , uni zic ca se poate , alti nu .

Sincer, nu imi dau seama daca faci trolling sau nu...

Cand accesezi un website, primesti automat toate cookie-urile aferente...

Atunci cand webserver-ul iti trimite niste cookies, de fapt iti trimite header-ul http Set-Cookie in response. Toate accesarile urmatoare vor avea in request header-ul http Cookie cu acel/acele cookies primite la inceput (sau pe parcurs).

Exemplu folosind https://httpbin.org/

Spoiler 

$ curl -v -L -c curl-cookie-jar.bin 'https://httpbin.org/cookies/set?k2=v2&k1=v1'
* timeout on name lookup is not supported
*   Trying 54.221.212.171...
* TCP_NODELAY set
* Connected to httpbin.org (54.221.212.171) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=httpbin.org
*  start date: Jan 11 23:37:29 2018 GMT
*  expire date: Apr 11 23:37:29 2018 GMT
*  subjectAltName: host "httpbin.org" matched cert's "httpbin.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /cookies/set?k2=v2&k1=v1 HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 302 FOUND
< Connection: keep-alive
< Server: meinheld/0.6.1
< Date: Sun, 28 Jan 2018 14:53:57 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 223
< Location: /cookies
* Added cookie k1="v1" for domain httpbin.org, path /, expire 0
< Set-Cookie: k1=v1; Path=/
* Added cookie k2="v2" for domain httpbin.org, path /, expire 0
< Set-Cookie: k2=v2; Path=/
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< X-Powered-By: Flask
< X-Processed-Time: 0.000816106796265
< Via: 1.1 vegur
<
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host httpbin.org left intact
* Issue another request to this URL: 'https://httpbin.org/cookies'
* Found bundle for host httpbin.org: 0x45fb210 [can pipeline]
* Re-using existing connection! (#0) with host httpbin.org
* Connected to httpbin.org (54.221.212.171) port 443 (#0)
> GET /cookies HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/7.51.0
> Accept: */*
> Cookie: k1=v1; k2=v2
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Server: meinheld/0.6.1
< Date: Sun, 28 Jan 2018 14:53:57 GMT
< Content-Type: application/json
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< X-Powered-By: Flask
< X-Processed-Time: 0.00118708610535
< Content-Length: 55
< Via: 1.1 vegur
<
{
  "cookies": {
    "k1": "v1",
    "k2": "v2"
  }
}
* Curl_http_done: called premature == 0
* Connection #0 to host httpbin.org left intact

 

Tot ce e prefixat cu * este legat de negocierea SSL. Tot ce e prefixat cu > este parte a request-ului. Tot ce e prefixat cu < este parte a response-ului. Restul e body-ul.

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...