Posts

Showing posts with the label HTTP cookies

Reflected XSS Exploitation in DVWA : A Beginners' Guide

Image
Welcome back to D Guides.I am Sadeepa Gayashan and I am the newly joined contributor of D Guides.I will share my knowledge on cyber security through Cyber Guides of this blog.Today I am going to share with you how steal session cookies.Most web applications maintain a user session to identify the user across multiple HTTP requests. Sessions are identified by session cookie.After a successful login server will send you a session cookie by the Set-Cookie   header.We can steal the session cookie by calling document.cookie . For demo purposes, we will use the DVWA Application. First, we need to run DVWA as a server in localhost or in VirtualBox in our web browser.Now login with Username: admin, Password: password.  this is the interface of the web application.Once logged in, we want to navigate to the DVWA Security tab, select the security level in the drop-down box, and hit Submit 1. Set security low Then we need t...