So this is my first write-up. It is about how I was able to get into other users' accounts by stealing their cookies. It was a private program on Bugcrowd; let's just say the program was named Redact.

I created my account on one of the program's domains, https://passport.redact.com. After that I opened another domain, https://redact.com.cn, and I was automatically logged in without creating an account on that domain, because it used the https://passport.redact.com account to authenticate users: you could either create an account there or use your https://passport.redact.com account. While playing in the browser console on https://redact.com.cn, looking for something interesting, I typed the program name, Redact, into the console and got RedactId, a JavaScript object with user information such as the user ID and e-mail. So I tried to find the JS file that created this object, and luckily I found it.

After reading that file's source code, I spotted a function that requested the logged-in user's cookie from the server and sent that cookie to a subdomain, https://reg.redact.com.cn, to get the user ID and e-mail. The complete URL looked like this: https://reg.redact.com.cn/auth/setcookie?cookie=usercookie&domain=redact.com.cn. In other words, the passport session cookie itself was the hand-off credential between the two domains: it travelled in a URL query string, and the receiving endpoint trusted whatever value that URL carried.

So I downloaded that file, modified the source code to log the user cookie to my server instead of sending it to https://reg.redact.com.cn, and uploaded the modified file to my server, hoping that it would log the cookies.

And it worked: the whole URL, cookie included, was logged in my VPS console. Now it was time to check whether I could log into my account using that cookie.

When I opened this URL in an incognito window I got a response like sum=sum+1. To confirm that I was logged in, I opened https://redact.com.cn, and yes, I was logged into my account. That confirmed the URL was a replayable bearer credential: a fresh browser with no cookies of its own was logged in simply by presenting it.

So in order to log into other users' accounts, I just had to send them the URL of the modified JS file on my server, and their cookies would be stored on my server. (The write-up does not detail why a script served from another origin could still read the victim's cookie from the program's endpoint; for that step to work, the endpoint has to answer cross-origin requests with the victim's credentials attached.)

It was a weird bug, and it was hard to explain to the program how it was exploited, but the wait was worth it.