Mutillidae HTTP-header


Web servers use cookies to store information about a user's activity on the site.

Why do we hack cookies?

Cookie stealing is an important part of hacking: with a stolen cookie we can directly access the user's logged-in panel without any username or password.

💡 We will work through this in two parts, first as the user and then as the hacker.

First: the user's login process

Example security level: 0 & 1

  1. First install the EditThisCookie extension in your browser; this is a Chrome extension.
  2. Log in with your real username and password; in Mutillidae this is the default username and password.
  3. Now click Login to log in successfully.

Now it is the hacker's turn to hack your cookie and log in without a username and password.

💡 Important: steal the cookie before the user logs out, otherwise you will not succeed.

Second: the hacker's login process

  1. Check whether the user is logged in.
  2. If the user is logged in, click the EditThisCookie extension in your browser.
  3. Now click the Export button; after clicking, you have the cookies.
  4. As the user, click the logout button to log out of the user panel.
  5. Check that the user is logged out, then refresh the page.
  6. Now click EditThisCookie, click the Import button, and paste (Ctrl+V) into the text area.

Now click the button and refresh the page. Gotcha! You're logged in.

💡 Tip: If you want to steal the cookie of an administrator or user of a live website, you will have to make a complete plan for how to steal the cookie from the user's or admin's computer. You can also use the payload method for this.
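The import step above succeeds when the server accepts whatever identity the cookie carries and logout only clears the browser's copy. The following added example (not from the original page and not Mutillidae's code) models that weak pattern beside a server-side session store that revokes the session on logout; the class names, the `sid` cookie and the `alice` account are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

USERS = {"alice": "1"}  # constructed sample account: username -> uid

class WeakApp:
    """Trusts identity values stored in the cookie itself."""

    def login(self, user):
        return {"username": user, "uid": USERS[user]}

    def logout(self, cookies):
        return {}  # only tells the browser to drop its copy

    def whoami(self, cookies):
        uid = cookies.get("uid")
        return next((u for u, i in USERS.items() if i == uid), None)

class HardenedApp:
    """Cookie holds a random id; the identity lives server-side."""

    def __init__(self):
        self.sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session id
        self.sessions[sid] = user
        return {"sid": sid}

    def logout(self, cookies):
        self.sessions.pop(cookies.get("sid"), None)  # revoke on the server
        return {}

    def whoami(self, cookies):
        return self.sessions.get(cookies.get("sid"))

def set_cookie_header(sid):
    """Set-Cookie value with flags that limit script and cross-site access."""
    c = SimpleCookie()
    c["sid"] = sid
    for key, value in (("httponly", True), ("secure", True), ("samesite", "Strict"), ("path", "/")):
        c["sid"][key] = value
    return c["sid"].OutputString()

def replay_after_logout(app):
    cookies = app.login("alice")
    exported = dict(cookies)  # copy taken while the session was live
    app.logout(cookies)
    return app.whoami(exported)  # who does the server think this is?
```

With `WeakApp` the exported copy is still accepted after logout; with `HardenedApp` the same replay resolves to no user because the session id no longer exists on the server.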
