Ethical Hacking and Penetration Testing Guide
So we have filtered all the HTTP requests containing the cookie named “c_user.” Let’s try to inspect the first request. On inspecting the HTTP request, we find all the cookies associated with Facebook.
To get a clear view of all the cookies, we will right-click on the cookie field and then go to Copy → Bytes → Copy printable text only. Now, all the cookies will be selected. We will delete the other cookies and will save only the authentication cookies.
Hijacking the Session
Now that we have the authentication cookies of the victim, we would need to inject these cookies in our browser to hijack the session. Personally, I prefer the “Cookie Manager” plug-in inside of Firefox. It’s very simple to use.
Step 1—To inject our cookies, we will browse facebook.com, and from our tools menu, will select the “Cookie Manager” plug-in.
Step 2—Once the plug-in is launched, we would need to inject our cookies. We will click on the “Add” button at the bottom and will add both of our cookies. Here is an example.
Step 3—Once both of our cookies are injected, we will just refresh the page, and we will be logged in to our victim’s account.
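
On the server side, the replay in Steps 1 to 3 appears as one session cookie presented by two different clients. The following is an added example, not code from the book: a Python check that flags such sessions in access-log records. The record layout, session IDs, addresses and the 300-second window are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, session_id, client_ip, user_agent).
SAMPLE_LOG = [
    (1000, "sess-A", "203.0.113.10", "Firefox/115"),
    (1030, "sess-A", "203.0.113.10", "Firefox/115"),
    (1045, "sess-B", "198.51.100.7", "Chrome/120"),
    (1060, "sess-A", "192.0.2.55", "Firefox/102"),  # same cookie, different client
    (1090, "sess-A", "203.0.113.10", "Firefox/115"),
    (1100, "sess-B", "198.51.100.7", "Chrome/120"),
]


def find_replayed_sessions(records, window=300):
    """Return {session_id: [fingerprints]} for every session whose cookie was
    presented by more than one (ip, user_agent) pair within `window` seconds."""
    last_seen = defaultdict(dict)  # session_id -> {fingerprint: last timestamp}
    flagged = defaultdict(set)
    for ts, sid, ip, ua in sorted(records):
        fp = (ip, ua)
        # Compare against every other client that recently used this session.
        for other, seen_at in last_seen[sid].items():
            if other != fp and ts - seen_at <= window:
                flagged[sid].update({fp, other})
        last_seen[sid][fp] = ts
    return {sid: sorted(fps) for sid, fps in flagged.items()}


if __name__ == "__main__":
    for sid, clients in find_replayed_sessions(SAMPLE_LOG).items():
        print(sid, "used concurrently by", clients)
```

A hit is a signal to force re-authentication rather than proof of theft, since a client that moves between networks can change IP address mid-session.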