Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Way to steal sessions across two browsers
Posted by: cttnmth
Date: June 14, 2007 11:19PM

I have tried a few things to no avail.Is this possible?

Suppose you have two browsers open,one,Firefox browsing http://this.site.Then, say,you have Opera open on another site,http://that.site.Is there a way to link these two browsers' sessions through XSS or CSRF?

Killing Me,
cttnmth

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: Martin
Date: June 15, 2007 04:32AM

Well... not easily and I'm only working on doing it by IP address.

The way I would do it:

Get cookie from Site A using XSS
Submit cookie to your own site registering the IP address it was submitted with
Site B (again via XSS but in different browser) requests JSON file (via <script> tag) from your site which matches up the IP address from the last request and serves a JSON file that contains the cookie data from Site A
Write the cookie data from the JSON object into document.cookies.

http://www.the-mice.co.uk/switch/ Switch/Twitch
http://code.google.com/p/dotnetids .NETIDS

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: Anonymous User
Date: June 15, 2007 08:49AM

use security vulns for access to local file system.

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: ntp
Date: June 15, 2007 09:16AM

it is certainly possible if they have the same session across both browsers, although this normally wouldn't happen. i wonder if it is possible to inject a cookie into their second browser with the same session id as the first browser?

let me put some more thought into this. i've thought about it before and had a few ideas on how to do this. i'm certain it's possible

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: Kyran
Date: June 15, 2007 01:40PM

I was thinking about this earlier when I read an article about people browsing with two browsers for extra security. Aside from using an exploit to access the local file system and write a new cookie/etc for the other browser, I have no good ideas unless they visit the same site in both browsers.

I'm thinking there might be some fancy thing involving an iframe and csrf, but I'm busy drinking.

- Kyran

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: thrill
Date: June 15, 2007 01:57PM

In my limited knowledge of this type of security, the one thing I can think of would be if the person is browsing with the browser that is NOT their 'default' browser, at which point you could open a new hidden browser using some of that magic you guys possess, at which point you would have access to both browsers.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: Kyran
Date: June 15, 2007 02:02PM

That's a good idea, there must be a way to trick the current browser to open a new window in the default browser, either open a site you control, or open the 'safe' browser site with an XSS vuln.

- Kyran

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: Anonymous User
Date: June 15, 2007 05:59PM

I rather put my money on stealing it between two tabs then two browsers.

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: cttnmth
Date: June 16, 2007 01:00AM

I was trying to steal cookies using XSS from Opera via Firefox.No go,so far.

If I can get something working,I will let you all know.

Cheers,
cttnmth

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: kirke
Date: October 28, 2007 06:10AM

if you're in a M$ world, did you try the %-URL-vulnerability?

Options: ReplyQuote
Re: Way to steal sessions across two browsers
Posted by: digi7al64
Date: October 30, 2007 06:27PM

@ntp - yes you can swap/inject cookies (specifically session id's) between browsers with no problems.

As for stealing them between browsers, you need to find a persitant xss hole which you can leverage as a storage point in the code to hide and retreive the session id (which is why you should always bind the cookie to an IP and Browser string at the minumum).

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote


Sorry, only registered users may post in this forum.