Introduction
Hello guys! How are you? I am Ashish Kumar. In today’s video, I have brought it is, for you all, an introduction to cookies. Today we are going to understand about our web cookies which are saved inside the browser. We are going to understand about cookies from the perspective of hacking, security & web development.
Table of Contents
Understanding Cookies
Let’s start. Let’s see what we are going to understand today. First is, what are cookies & attributes of set cookies. Set-Cookies is part of the header. We set cookies through the header. What are its attributes & what is it going to be useful for us, we are going to see all this today. Let’s start with the cookies first, i.e., what are cookies? We can call this a web cookie.
It’s not an eating cookie, but what is a web cookie? It is saved in the web browser. There are three words written here, track, personalize & save information. How do cookies work? To keep track of something, to do personalization work or to save our information inside the browser.
How Cookies Work
What kind of information will be saved inside the browser? As an example, we can understand, to record the user session or to maintain the user session, cookies are used. For example, I login to the website and enter Id-Password and submit that Id-Password will go to the server and confirm whether it is correct or not. What happens after it is checked? The server will give me an ID over there that ID, as long as I have it, I can do all the things that a login user could do.
As soon as that Id goes from me or as soon as I logout, that ID will be automatically deleted from me & I will not be able to do all the activities on the server that the login user could do. All authority will be taken away from me because now I do not have that ID. That ID is called Session-Id, i.e., after giving Id-password, we authenticate that we are the right user, then we get Session-Id.
Through that session Id, we have an admin session or whatever we have the right to have a session that we can do all the activities on that website or server. As soon as that session ID is removed, it is saved in a part of our browser’s settings, I will tell you all where it is saved.
As soon as it is deleted or removed from there, then I will become a normal user again; I will not be a login user, I will not have any authority. So cookies are used to maintain user sessions. Here are some other points like cookie and set cookies. We have also read about these two things in the header’s session. These are two headers.
Cookie Headers
The first is a cookie, the second is to set a cookie. Where does Cookie Header come in use? It comes in used inside requests. A cookie header is useful in whatever request you share. Where does set-cookie come in used? This comes in used inside response. Here is the header of both the request and the response. What is the job of both? If we want to save any a cookie in the browser, then we use set-cookie header through which we can save the values inside the cookies of the browser or the values inside the parameters.
And through the cookie header, we repeatedly send the value saved in our browser to the server and tell in every request that we are still logged in. We are authenticated now; we can perform all the activities. In this way, by using cookies, we log in to requests and responses and perform all the activities.
Attacks on Cookies
Why are we now understanding the part of cookies? Because many attacks are performed through these cookies, out of which the most common techniques are hijacking & poisoning. In hijacking, you all must have heard that session hijacking in which your cookie ID, that is, the session ID you have got after log in; if someone steals it, he can use your account without the ID password as you were doing.
Someone can take over your account by taking your session ID & we call that session hijacking. There are many such cookie poisoning attacks, through which we do some poisoning inside the cookies. You can also add something that we will learn in the future. A brute force attack is also performed in this. Now how do cookies work? First, let’s move on to the Kali machine.
After going there, we will learn how cookies are saved and how to perform other things like session hijacking. Now we will see the cookies practically, where it is saved and how it works. For that, we will first go to Chrome browser, after going here, we go to the normal website, by going there, we will be able to practice. The name of the website is ‘textphp.vulnweb’.
This is a demo website. Here we will go, and here I see, as soon as I go to your profile, it gives the option of login and sign-up here. Either sign-up or log in. We know when cookies are generated, when we authenticate, when we give the ID password, then we get the session-id in the format of cookies.
That session-id helps maintain our session, but where is that saved? If you want to check then you will right-click and go to Inspect, as soon as you go to Inspect, you will get many options. As you can see, Element, Console, Sources, Network, Performance, etc. Here we have to go inside the option named Application.
As soon as we go here, you can see that there is a tab named cookies and the name of our website is written inside this tab. All cookies related to this website will be visible here. Only when a cookie is already added. We will see by performing the login activity, and through that, we will understand whether any session-id is being generated through it, which will be saved inside our cookies.
For that, we will go to the username, and now we login, write a username, and write a password and then we click on the login button. Now you see carefully, as soon as I click the login button, I am logged in. And as soon as I logged in, here I also got the session-id inside the cookies.
So inside these cookies, which is the name of our website, a cookie has been added to it, whose name is login and its value is ‘test/irst’. Now, this is our cookie ID; what can happen through this. It comes to us as soon as we log in. Now whatever activities we do; every request will have cookie ID from here and if we want to see how it is going, if it looks like this, we will go to the network tab.
And here you can see that you will be able to see many things. If I go to user info, you can see it here that there is a header named cookie inside the request header that carries that value. Cookies are carrying the header named our cookie, it will be confirmed by the server, as long as we are logged in, we can do this work.
But what if, in some cases, our cookie is deleted? We will log out; our session will end. And even if we click on the logout button then the activity will happen, our cookie is deleted from here. You can see the cookie has been moved from here; I am no longer logged in here. If I want to login back, then I will get login-id back then, I will become an active user back.
Cookies in Different Browsers
This is what we did in Chrome. If we are using firefox process, then what will be the process? If you go to Firefox, you will go to the same website on ‘textphp.’ After visiting this website, we will go to Your Profile.
You can see the login page is coming in front of you, but where are the cookies saved in the Firefox browser. Because when I go to the inspection, I do not see any name on the application tab. Here we have to go to the tab named Storage. Inside it is showing us the name of the cookies inside which our cookies tab are visible, whatever cookies we have inside it will be saved. As an example, we can see by repeating the same process. ‘test’ & then ‘test’ & then log in.
If I don’t even save it, then you can see if your go-to cookies, then a session-id has been added here inside cookies. This was the work of cookies. Many attacks are performed on this. If here in Chrome, open the incognito tab where I am not logged in. And I test on the loginphp. And here, I do not sign-up or log in and go directly to inspect and go to the tab with cookies inside the Application And by right-clicking here, add new and write here login which was the cookie’s name and value, i.e., the name of the session Id was login. And here its value was ‘test/test’. And here I come out by writing. I haven’t entered username and password yet, but I haven’t logged in. But if I come and click on your profile, then you I can see that I am showing as a login user. This is part of session hijacking.
Cookie Attributes
When the session is hijacked, then many such attacks were performed, but what was the function of cookies and how can we see; I hope you have understood all those things. Hopefully, through the practical part, you must have understood about cookies. Now let’s see some more details about it, like its attributes. What set of cookies was there, and what can they be useful for. The first attribute expires.
What is the use of the Expire attribute that is used inside the set cookie? ‘Sets a date until which the cookie is valid. That is, how long are the cookies that are being saved in our system or user browser, how long it will be valid, it sets the Expire Attribute. Next is the domain attribute. Let’s see what does it. ‘Specifies the domain for which the cookie is valid.
This must be the same or a parent of the domain form which the cookie is received’. The cookies you are saving must be related to a domain. And what is taken care of that the cookies of the same domain are saved in the domain in which all the activities are being done. This domain attribute is verifying that for which domain, the cookie we are using will be valid.
And we have to keep in mind that the same domain has to be mentioned which is being used commonly. So this is where the domain attribute comes into use. Next is Path attribute. What does it do? ‘Specifies the URL path for which the cookie is valid. It’s telling us exactly which path the cookies you’re adding are useful for.
That is, on which page we will go to which URL, then that cookie has to be used. Otherwise, that cookie is not used. All this information tells us the path attribute. I hope you understand all these attributes. All these attributes tell us when the cookies will expire, which domain to use, which URL to use after going to this cookie. All these things are being told here. Next is a secure attribute.
‘If this attribute is set, the cookie will be submitted only in HTTPS requests’. That is, whatever cookie will be submitted will go to the request because here, the secure attribute is used, which does not want anything to go through a normal request in clear text, which goes in HTTP, so the security of the HTTPS request will be applied.
For this reason, the secure attribute is used, whatever cookies we are sharing, no one should manipulate them, do not perform any kind of attack or do not perform things like session hijacking. In that case, that data is sent in HTTPS so that it can be moved in a secure and encrypted format. Next is HttpOnly.
‘If this attribute is set, the cookie cannot be directly accessed via client-side JavaScript.’ If this attribute is being used, then our cookies will not be used directly through client-side JavaScript, that is, they will remain secure. Because the HttpOnly attribute has been used there.
Conclusion
This was the introduction of the cookie, where we also saw the practical part understood the definition of a cookie, its attributes & we understood because if we see the attribute in a request so that we will know what action we should perform here or whether there are loopholes here, or what is the security.