Mutillidae Cookie hack
Cookies are used by the web server to store information about a user's activity on its pages.
Why do we hack cookies?
Cookie stealing is an important part of hacking: with a stolen cookie we can access the user's login panel directly, without any username or password.
💡 We will work through this in two roles: first as the user, then as the hacker.
First: the user's login process
Example security level: 0 & 1
- First, install the EditThisCookie extension in your browser (it is a Chrome extension).
- Log in with your real username and password; in Mutillidae these are the default username and password.
- Now click Login and check that the login succeeds.
Now it is the hacker's turn to hack your cookie and log in without a username and password.
💡 Important: steal the cookie before the user logs out, otherwise you will not succeed.
Second: the hacker's login process
- Check whether the user is logged in.
- If the user is logged in, click the EditThisCookie extension in your browser.
- Now click the export button; after clicking it you have the cookies.
- As the user, now click the logout button to log out of the user panel.
- Check that the user is logged out, then refresh the page.
- Now click EditThisCookie, click the Import button, and paste (Ctrl+V) into the textarea box.
Now click the button and refresh the page. Gotcha! You're logged in.
If you want to steal the cookie of an administrator or user of a live website, you will have to make a complete plan for how to steal the cookie from the user's or admin's computer. You can also use the payload method for this.
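The replay in the steps above only works while the server keeps accepting the exported cookie after logout. The sketch below is an added example, not Mutillidae's code or anything from the original page: it models a logout that only clears the browser's copy next to one that revokes the session on the server. `SessionStore`, the cookie name `session` and the account `labuser` are hypothetical names chosen for illustration.

```python
import secrets

class SessionStore:
    """Server-side table mapping session tokens to usernames."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        # Unpredictable token; this is the value the browser stores as a cookie.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def whoami(self, token):
        # Returns the logged-in username, or None if the token is not valid.
        return self._sessions.get(token)

    def logout_weak(self, token):
        # Weak: only asks the browser to delete its copy of the cookie.
        # The server-side record survives, so any saved copy still works.
        return "Set-Cookie: session=; Max-Age=0; Path=/"

    def logout_hardened(self, token):
        # Hardened: revoke the token on the server, then clear the browser copy.
        self._sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0; Path=/"

def session_cookie_header(token):
    # HttpOnly hides the cookie from page JavaScript; Secure keeps it off
    # plain HTTP; SameSite limits cross-site sending.
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"

def replay_after_logout(hardened):
    """Export a cookie while logged in, log out, then present the copy again."""
    store = SessionStore()
    token = store.login("labuser")  # constructed sample account
    exported = token                # the copy made by the export step
    if hardened:
        store.logout_hardened(token)
    else:
        store.logout_weak(token)
    return store.whoami(exported)

if __name__ == "__main__":
    print("weak logout, replayed cookie ->", replay_after_logout(False))
    print("hardened logout, replayed cookie ->", replay_after_logout(True))
```

With server-side revocation the imported cookie is just an unknown token, so the refresh after import lands on the login page instead of the user's panel.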