What is a cookie? What does it do?
Cookies are data that the site sends to you when you access a site. These cookies are kept like crypto in your browser. We refer to some cookies as temporary. They are deleted when the browser is closed. There is also a permanent cookie, which is a cookie that is deleted inside of the time specified by the developer. But you can delete the cookies kept on your computer. We have briefly touched upon cookies. Now let's see what these cookies do. Cookies enable your computer to be verified by the website. In addition, you can automatically log in to your account registered on the website. For example, when you click on the remember me box while logging into your Türk Hack Team account, your account will stay open even if you turn your browser on and off. Some advertising companies give you advertisements according to your cookies.
What is Session Cookie? What does it do?
Session Cookie keeps your login information on servers instead of keeping it on the computer like normal cookies. When your computer logs in, the server sends an encrypted cookie to your computer. This cookie is deleted when your browser is closed. It is more secure than normal cookies, it is a cookie that avoids pass to cookie attack.
Pass The Cookie Attack
Now let's come to this attack, which is our main topic. Now I will explain theoretically and give you an example to explain this process. The attacker is trying to feed its own malware to the target person via e-mail or another way. If the victim downloads and installs this malicious software on her computer, it pulls the cookies that the browser keeps inside and sends them to its own server. If the victim downloads and installs this malicious software on its computer, it pulls the cookies that the browser keeps inside and sends them to its own server. It can also pretend to be you by using these cookies. Let's give an example now. Let's think of an influencer. This friend receives a sponsorship offer to its email for a Vpn promotion. It's like if you use this product and shoot a video, we'll give you $100. Our influencer accepts this offer and installs the VPN and runs it on its computer. The malicious software hidden inside this VPN copies the cookies in the browser and sends them to the attacker's servers. With this method, the attacker accesses the session cookies of the influencer, and since the cookies it accesses are crypto, it decrypts this crypto with the program called Mimikatz. And it can connect to the system as if a victim is connected.
Source; İnstagram Hesaplarınızın Nasıl Çalındığını Öğrenin!
