
cookie wp

Please note that this user is banned
I need info on how to forge cookies
For example, this is how you can set a cookie named user with the value user123 in JS
JavaScript:
document.cookie = "user=user123; expires=" + new Date(new Date().getTime() + 3600 * 1000).toUTCString() + "; path=/";

Or you can download a browser extension and change/set cookies with it
For example, the EditThisCookie extension
 
From a quick search on ddg https://blogs.perficient.com/2022/12/27/cookie-spoofing-explained-and-prevented/

How Do They Do This?


In most cases, when a user logs into a web application, the server sets a temporary session cookie in the user’s browser to remember that the user is currently logged in and authenticated. The actor need only obtain the victim’s session ID, which is stored in the cookie. This information can be obtained through two primary means: “packet-sniffing” (the grabbing of unencrypted network data through a NIC in Monitor mode) or a Notification Spoof. The Notification Spoof, which falls under Cross-Site Scripting (XSS), is the most common method of performing the Cookie Spoof attack. An actor injects client-side scripts into a web page to execute arbitrary code upon loading the compromised page. This arbitrary code produces a false notification (YOUR COMPUTER IS INFECTED WITH 23 VIRUSES!!!!!) to trick the user into clicking on a malicious link with a pre-set session ID. The actor can then use the stolen session ID for their browser session, which will trick the server into believing the actor’s session is legitimate, enabling the actor to perform any functions the user would have been authorized to perform (such as accessing secure documents, sending emails, or even transferring money or making credit card purchases!).
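Added example, not part of any post in this thread: a server-side sketch (Node.js) showing why a cookie value typed into the browser, such as `user=user123`, should never be trusted on its own, and which `Set-Cookie` attributes limit the sniffing and script-based theft described in the quoted article. The secret, the function names and the sample values are assumptions constructed for the illustration.

```javascript
// Added example: constructed key and values, not taken from the thread.
const crypto = require('node:crypto');

// Assumption: a per-deployment secret that never leaves the server.
const SECRET = crypto.randomBytes(32);

// HMAC over "name=value" so a tag cannot be moved to another cookie name.
function mac(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest('base64url');
}

// Build the Set-Cookie header: signed value plus attributes that limit theft.
// HttpOnly hides the cookie from page scripts, Secure keeps it off plain HTTP.
function issueCookie(name, value, maxAgeSeconds = 3600) {
  const signed = `${value}.${mac(`${name}=${value}`)}`;
  return `${name}=${signed}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Parse a request Cookie header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Return the verified value, or null when the tag is missing or wrong.
function readCookie(header, name) {
  const raw = parseCookieHeader(header).get(name);
  if (raw === undefined) return null;
  const dot = raw.lastIndexOf('.');
  if (dot < 0) return null; // unsigned value, e.g. set by hand in the browser
  const value = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1));
  const expected = Buffer.from(mac(`${name}=${value}`));
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Constructed demo: a server-issued cookie, then two client-edited variants.
const issued = issueCookie('user', 'user123').split(';')[0];
console.log(readCookie(issued, 'user'));                             // accepted
console.log(readCookie('user=user123', 'user'));                     // rejected
console.log(readCookie(issued.replace('user123', 'admin'), 'user')); // rejected
```

Signing rejects hand-made or edited values; it does not stop replay of a cookie that was stolen intact, which is what `HttpOnly`, `Secure` and short lifetimes are there to limit.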
 

