Javascript Injection (Cookie Editing)

January 7th, 2010 | Author: Haider M. al-Khateeb

Your browser’s address bar (URL bar) can be used to inject JavaScript code directly into the webpage you are visiting without reloading the page. The following codes are useful to do cookie editing but remember, this demonstration is for education purpose, you should not attempt to perform such test on data you do not personally own and control:

First, visit the targeted webpage and inject the following code to view realted cookie’s fields and the values assigned to them.

javascript:alert(document.cookie);

Second, to edit a certain value use:

javascript:void(document.cookie="Field=myValue");

For example, if the following field exist:

active=no

The value can be changed to yes with the following code:

javascript:void(document.cookie="active=yes");

If the field’s name does not exist, it will be created.
To have more control over cookies, refer to a proper tutorial and inject the codes in a similar way.

In addition, there are cookies editors available online such as the following PlugIn for Mozilla FireFox:

Add N Edit Cookies
Homepage: http://addneditcookies.mozdev.org.
Download latest release from: https://addons.mozilla.org/en-US/firefox/addon/573.

Posted in JavaScript |

Tags: Attack, Cookies, Firefox

5 Responses to “Javascript Injection (Cookie Editing)”

Kobra:

May 26, 2011 at 2:54 PM

I’ve known about this trick for about four years now, and I’ve actually hacked forum accounts with it before. Pretty lame that it actually works if you ask me.

Reply
MujMuj:

August 30, 2011 at 6:01 PM

THNX =D

Reply
Titochhabra:

September 21, 2011 at 4:06 PM

Hey Guys,
A Cookie is nothing but a small text file that’s stored in your browser. It contains some data such as………..
for more details please check out the following link…….
http://mindstick.com/Articles/0d398a71-36a1-4dc3-9c5a-ce0ad6884778/?Manipulation%20Cookies%20in%20Java%20Script

Thanks !!!!

Reply
blackichan:

June 12, 2012 at 9:06 AM

What do you do when the javascript doesn´t return any data??

Reply
blackichan:

June 12, 2012 at 6:42 PM

When I use this injection, I dont get anything back from the webpages. Do I need to sign in to use it, or am I doing something wrong. I copy the lines to javascript into the URL bar of the page and made sure to change “MyValue” to a cookie name, but got nothing back.

Reply

My Tweets

"Criticizing the victims of terrorism should never be American policy" "Maliki Shuld Not Appease Terror" @mrubin1971 http://t.co/WmrFKY4U2V 02:08 PM May 03, 2013 from web Reply Retweet Favorite
It just feels wrong to see members of the Iraqi #ISOF chatting and sharing pictures on facebook -- at least some of them hide their faces! 02:12 AM May 03, 2013 from web Reply Retweet Favorite
Just watched #Eden, a very well-made film to raise awareness of human trafficking. Based on the real-life story of Chong Kim, Google her! 01:57 AM May 03, 2013 from web Reply Retweet Favorite
With the #NCCR team at the National Stalking Awareness Day, Emmanuel Centre, London #knowthelaw #usethelaw #NSAD13 10:55 AM April 18, 2013 from Twitter for BlackBerry® Reply Retweet Favorite
RT @cmaple: Do you know anyone that has been stalked after using online dating? Let me know if so. We are looking into this. #NSAD13 10:44 AM April 18, 2013 from Twitter for BlackBerry® Reply Retweet Favorite

@H4ider

Javascript Injection (Cookie Editing)

5 Responses to “Javascript Injection (Cookie Editing)”

Leave a Reply