The act of modifying data within a web cookie in order to exploit an application such as a website. Although it might seem malicious, this type of hacking is actually done by ethical hackers. Cookie poisoning can be used to determine if the system allows users to log into the account without inputting their password, or if it sends information that could be sensitive.
Cookie Poisoning:
- Cookie Poisoning is a technique used in a continuous and ongoing manner to “poison” cookies, which then manipulates the cookies from being retrieved or set by an application. If successful, this can lead to the compromise of an application’s sensitive data and/or functions.
- Cookies are small text files that contain information about your login, session, and other information.
- Whenever you access a website that uses cookies, it sends these to your browser, which then stores them in encrypted form on a local storage file. This allows the web application to re-identify you as the same user when you return.
- The vulnerability in cookie poisoning lies in how websites use cookies for authorization of users specifically, and how they verify if the user is logged in or not.
Because of the way that cookies are designed, an attacker can change the login cookie to redirect you to a fake website that looks exactly like the original website.
Causes of Cookie Poisoning:
Malicious code may be inserted onto the victim’s website in a number of ways, such as:
- Exploiting vulnerabilities in outdated software (such as Java) on their computer
- Injecting malicious code via SQL injection or cross-site scripting into database queries that are sent to the server hosting the website, is known as an SQL injection attack or XSS attack, respectively.
Advantages:
- The advantage exploited by Cookie Poisoning is how websites typically verify if a user is logged in or not – by checking for the cookie.
- An attacker can change the login cookie to redirect you to a fake website that looks exactly like the original website, and thus trick you into thinking you’re still on the real version.
- When an application uses multiple URLs for a single site, it’s called a virtual host. When an attacker uses this vulnerability, he doesn’t have to crack multiple websites; instead, he only has to crack one and poison its cookies.
Examples:
- A user visiting the site unknowingly adds a code to their cookies.
- The code is malicious and can trigger something that can cause problems for a user.
- The code could be used to steal information from a website, or redirect the user to another site.
- This type of cookie poisoning is usually done on public computers in an internet café or library.
- A more common example of this attack, but also less serious, would be adding a simple message to the victim’s screen about clicking on an advertisement.
Conclusion:
Although this might sound malicious, it’s actually meant for the security of the website in question. It’s performed by ethical hackers who discover and reveal such flaws, so they can be fixed before they are exploited by malicious hackers. The way that cookies work allows cookies to be manipulated by an attacker in order to steal information or trick users into thinking they’re on a legitimate website when they’re not.
