How Do I Read My Password From a Cookie?


WubbaLubbaScrubScrub    1

Hi. I'm sure that this barely fits into the category... But for my science fair I'm testing how safe public Wi-Fi is, so I downloaded Wireshark so I could capture my own cookies. I was wondering how (if possible) I would be able to read user names and/or passwords to sites through the HTML that I have from the cookies. Don't worry, I am only grabbing my cookies and I'm doing this to highlight safety issues.

virtorio    2,313

Any unsecured cookies can be captured by examining HTTP headers. Most websites don't store passwords in cookies (instead, they store some kind of access token), so keep that in mind.

  • Like 1

Circaflex    3,131

You cannot extract passwords from cookies. This sure sounds like BLACKHAT and not WHITEHAT testing, also you are a newly registered account here with 1 post. I doubt your claims are legitimate. 

  • Like 1

WubbaLubbaScrubScrub    1

Thanks! One of my main questions was "Can I find my user names to sites using cookies", SOOO do you happen to know anything about finding user identification using cookies? 

1 minute ago, Circaflex said:

You cannot extract passwords from cookies. This sure sounds like BLACKHAT and not WHITEHAT testing, also you are a newly registered account here with 1 post. I doubt your claims are legitimate. 

Sorry, yeah I just found out about the site. Would you like some entries from my log book?

WubbaLubbaScrubScrub    1

I get that I seem really sketchy XD

 

Jim K    9,390

They don't.

WubbaLubbaScrubScrub    1
1 minute ago, Jim K said:

They don't.

Thanks for taking time to reply, but I don't understand what you're referring to. I'd be grateful if you would clarify. :)

exotoxic    488

Well, you could start by installing a browser plugin that lets you read cookies from your browser; that way you can find out for yourself what they store.

WubbaLubbaScrubScrub    1
3 minutes ago, exotoxic said:

Well, you could start by installing a browser plugin that lets you read cookies from your browser; that way you can find out for yourself what they store.

Hi! Thanks, but I'm doing the project as if I'm taking someone's information via session hijacking. So I downloaded Cookie Cadger and Wireshark. I capture my own cookies from there and I can read them, but the most information I'm getting is what site I've visited, my CPU, etc. I'm trying to see where in the code I might be able to find some type of identification like my email address.

exotoxic    488
2 minutes ago, WubbaLubbaScrubScrub said:

I'm trying to see where in the code I might be able to find some type of identification like my email address.

I think you might be in over your head. Any properly coded site won't be leaking the sort of information you are looking for.

 

The best way for you to demonstrate it would be to code up a sample page that sets a cookie then capture that.

Circaflex    3,131
14 minutes ago, WubbaLubbaScrubScrub said:

Thanks for taking time to reply, but I don't understand what you're referring to. I'd be grateful if you would clarify. :)

What Jim is saying is that usernames and passwords are not stored in cookies. Cookies contain a random string from the website serving you.

  • Like 1

WubbaLubbaScrubScrub    1

Do you want a sample of the HTML that I have?

 

WubbaLubbaScrubScrub    1
Just now, Circaflex said:

What Jim is saying is that usernames and passwords are not stored in cookies. Cookies contain a random string from the website serving you.

Thank you. Although I don't agree with random. Most of my research was based off of Firesheep (Oct 24, 2010), which is outdated; it was supposed to display the user names of the people using the Wi-Fi using information from their cookies. From there you were supposed to be able to click on the packet and it would take you to one of 24? websites depending on which one they used. From there you could change minor pieces of their information on their profile. Of course, this is before these websites (for example Twitter and Facebook) started using stronger encryption, arguably what started them doing so. Or at least that's what I've heard.

Shiranui    1,728

Are login credentials EVER stored in cookies?

WubbaLubbaScrubScrub    1

I assume they are not currently, but it seems to me part of them might have been at one point in time. Thank you for your time, and I hope you still regard me with respect regardless of my incompetence.

WubbaLubbaScrubScrub    1

I would also like to ask if you could maybe find some of this information in sessions?

Matthew S.    253

Modern websites generally only ever store the session ID in the cookie, then the site's backend does some magic lookup (like verifying the origin IP to the stored session IP) against the session data stored on the server.

  • Like 1
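
The pattern described in the post above, as an added example that is not part of the original thread: the cookie carries only a random session ID with `Secure` and `HttpOnly` set, and the username stays in a server-side table that is checked against the client IP. The in-memory `SESSIONS` table, the function names, the cookie name `sid` and the sample addresses are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session table (hypothetical, in-memory): opaque ID -> data
# the browser never sees.
SESSIONS = {}

def login(username, client_ip):
    """Create a session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)      # random, carries no user data
    SESSIONS[sid] = {"user": username, "ip": client_ip}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True       # only sent over HTTPS
    cookie["sid"]["httponly"] = True     # not readable by page scripts
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def lookup(cookie_header, client_ip):
    """Resolve a Cookie request header to a username, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" not in jar:
        return None
    session = SESSIONS.get(jar["sid"].value)
    if session is None or session["ip"] != client_ip:
        return None                      # unknown ID or IP mismatch
    return session["user"]

def audit_set_cookie(header_value):
    """Return the protective attributes missing from a Set-Cookie value."""
    attrs = {p.strip().split("=")[0].lower()
             for p in header_value.split(";")[1:]}
    return sorted({"secure", "httponly", "samesite"} - attrs)

if __name__ == "__main__":
    hdr = login("alice@example.test", "203.0.113.5")   # constructed sample
    print("Set-Cookie:", hdr)
    print("missing attributes:", audit_set_cookie(hdr))
```

`audit_set_cookie` can also be pointed at a `Set-Cookie` value copied from your own capture to see which of the three attributes a site leaves off.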

LaP    1,790
1 hour ago, exotoxic said:

Well, you could start by installing a browser plugin that lets you read cookies from your browser; that way you can find out for yourself what they store.

You don't need a plugin for that. F12 > Storage > Cookies in Firefox.

  • Like 2
