Who Can Pentest A Webform For Hidden Cookies And Tokens (1964 Views)
Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 8:47am On Apr 19, 2019 |
Hello Nairaland, I am an ethical hacker and am trying to programmatically log into a website. I successfully gained access to Nairaland and some other tough sites, and it worked because Nairaland does have much security for that. But when I try to log in to some other sites it won’t work, because I may not have supplied the right cookie as a real browser would, or sometimes there are some client-side tokens and it is difficult to find out where they were generated. Please, whoever knows web pentesting very well, let us meet, please. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 9:29am On Apr 19, 2019 |
I can’t believe my eyes, is there no ethical hacker in this forum? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by EvilSec: 10:37am On Apr 19, 2019 |
DexterTech: You're basically trying to either steal auth tokens or perform session ID randomness to hijack user's session. Intercept the requests with Burp and analyze it in the Sequencer. Should show all hidden tokens. 3 Likes 1 Share |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 3:52pm On Apr 19, 2019 |
Thanks bro, I was using Fiddler and Chrome network development tester; it only showed me the URL parameters and a cookie which I don’t know where it came from. I will try with Burp and give you a reply. Thanks man |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 4:03pm On Apr 19, 2019 |
EvilSec: This guy that relies on copy n paste solutions |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by EvilSec: 4:06pm On Apr 19, 2019 |
DexterTech: You're welcome. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by EvilSec: 4:08pm On Apr 19, 2019 |
modestbrowser: I've got stalkers now? Where in my post did you see copy and paste? 1 Like |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by holuphisayor(m): 8:08am On Apr 20, 2019 |
DexterTech: What do you mean by hidden cookie? I use Fiddler to capture network requests. But isn't it the same as checking your network tab on your browser and copying the request headers? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 9:07am On Apr 20, 2019 |
holuphisayor: It will capture the request headers quite alright. In the same request header there are some essential cookies sent along with the request. And if the server does not see that cookie it won’t give the right response, and in this case the cookie is unique for each request and I don’t know where it came from using Chrome network tester or Fiddler. In some other sites it might be a token generated by an algorithm that can be sent back as a cookie or as a CSRF token along with the request. And if the token or cookie does not match the algorithm the server will return a bad response. The problem is these sites hide the way this cookie or CSRF is gotten, so no one can send a POST or GET request to the server without using a web browser. |
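Added example (not part of the thread and not any site's actual code): the per-request token behaviour described in the post above, seen from the server side. The server mints an HMAC-signed, session-bound, single-use token when it renders the form and rejects any POST that lacks a valid one; `issueToken`, `verifyToken`, the key and the TTL are hypothetical names and values.

```javascript
// Added illustration: per-request anti-CSRF token, issued on GET, checked on POST.
const crypto = require("crypto");

// Constructed key for the demo; a real deployment loads it from a secret store.
const SERVER_KEY = crypto.randomBytes(32);
const TOKEN_TTL_MS = 10 * 60 * 1000;   // assumed 10-minute lifetime
const usedNonces = new Set();          // replay cache (assumes a single process)

function sign(payload) {
  return crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("base64url");
}

// Called when the form page is rendered. The value is delivered with the page
// (hidden field or Set-Cookie), which is why it is absent from a hand-built request.
function issueToken(sessionId, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("base64url");
  return `${now}.${nonce}.${sign(`${sessionId}.${now}.${nonce}`)}`;
}

// Called on form submission. Returns a reason string so rejections can be logged.
function verifyToken(sessionId, token, now = Date.now()) {
  if (typeof token !== "string") return "missing";
  const parts = token.split(".");
  if (parts.length !== 3) return "malformed";
  const [issued, nonce, mac] = parts;

  // Recompute the MAC over the session the request arrived on, not one the
  // client names, so a token minted for another session never verifies.
  const expected = Buffer.from(sign(`${sessionId}.${issued}.${nonce}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  if (now - Number(issued) > TOKEN_TTL_MS) return "expired";
  if (usedNonces.has(nonce)) return "replayed";   // each token is accepted once
  usedNonces.add(nonce);
  return "ok";
}
```

Logging the non-`ok` reasons per client gives the site a direct signal of scripted submissions that skip the form page.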
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by holuphisayor(m): 9:33am On Apr 20, 2019 |
DexterTech: Have you tried Puppeteer? Since you already know the problem. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 9:57am On Apr 20, 2019 |
holuphisayor: Puppeteer is a Node.js library and I’m guessing it will do the job, but how fast can it run? Can I have your phone number or email? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by holuphisayor(m): 10:07am On Apr 20, 2019 |
DexterTech: It's headless by default. Share your WhatsApp, I'll contact you. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 10:59am On Apr 20, 2019 |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by holuphisayor(m): 11:02am On Apr 20, 2019 |
DexterTech: Seen |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 11:59am On Apr 20, 2019 |
Must it be in JS, or can it be called from another language like Python? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Echatbook: 8:21pm On Apr 20, 2019 |
Which site are you trying to log in to? Let me see. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 8:08am On Apr 22, 2019 |
Echatbook: If I should mention the site, some people might misbehave. Should I drop my contact, or you drop yours so I can paste it on WhatsApp? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by jibrilELsudan: 1:40pm On Apr 22, 2019 |
GO LEARN WEB APPLICATION PENTESTING. LEARN HOW TO USE BURPSUITE AND THE LIKES. I HAVE READ VARIOUS COMMENTS FROM WANNABE NIGERIAN HACKERS AND ONE THING I CAN SAY IS THAT THEIR SHALLOW MENTALITY IS BEYOND SHOCKING. HOW CAN THEY ALWAYS SAY THAT USING HACKING TOOLS MAKES ONE A SKID AND AN AMATEUR? THEY ALWAYS SAY THAT ONE MUST WRITE HIS OWN HACKING TOOLS. INDEED NIGERIAN HACKERS HERE ON NAIRALAND ARE BEYOND STUPID. EVEN NSA HACKERS USE HACKING TOOLS WRITTEN BY THE NSA. IT'S THESE SAME NSA HACKING TOOLS LIKE WANNACRY, EMOTET, ETC. THAT ARE LEAKED THAT HACKERS MODIFY AND USE TO CAUSE HAVOC. RUSSIAN HACKERS USE HACKING TOOLS. THE WORLD'S BEST HACKERS AND HACKING ORGS USE HACKING TOOLS, SO WHERE NIGERIAN HACKERS GET THAT STUPID MENTALITY FROM IS A PROOF THAT INDEED NIGERIA IS CURSED. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by EvilSec: 5:04pm On Apr 23, 2019 |
Now that's a whole lot of unnecessary information. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Echatbook: 11:13am On Apr 24, 2019 |
DexterTech: You can drop yours |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 12:45pm On Apr 24, 2019 |
jibrilELsudan: Do you know the meaning of HTML? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by jibrilELsudan: 2:08pm On Apr 24, 2019 |
|
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 3:04pm On Apr 24, 2019 |
jibrilELsudan: Lols... Funny enough I have used that same picture before |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Godsfavour78: 7:20am On Apr 25, 2019 |
modestbrowser: What a stupid irrelevant question. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 7:34am On Apr 25, 2019 |
Godsfavour78: How |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 10:35pm On Apr 25, 2019 |
Echatbook: +2347060****1. WhatsApp |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 2:31am On Apr 26, 2019 |
DexterTech: I can now put you through.... It's easy. Only on Node.js though |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 6:27pm On Apr 27, 2019 |
modestbrowser: I know it’s achievable with Node.js, I’m trying to achieve this using C# or VB.NET |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nobody: 8:06pm On Apr 27, 2019 |
DexterTech: Ok... You didn't state it. |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by DexterTech: 6:35am On Apr 28, 2019 |
modestbrowser: Yeah, I used Fiddler to capture all required cookies, headers and POST parameters. The thing is, any time the form is submitted the JavaScript unsubmit(); code adds some other custom cookies and parameters which are not visible in the pure HTML source code. The JavaScript code is very bulky, so how can I detect which code is executed on form submit(); and detect how those cookies or parameters are gotten and implement it with C# for a successful login? |
Re: Who Can Pentest A Webform For Hidden Cookies And Tokens by Nmeri17: 12:20am On May 04, 2019 |
jibrilELsudan: wawwwuu |