Cookie Theft

Definition - What does Cookie Theft mean?

Cookie theft occurs when a third party copies unencrypted session data and uses it to impersonate the real user. Cookie theft most often occurs when a user accesses trusted sites over an unprotected or public Wi-Fi network. Although the username and password for a given site will be encrypted, the session data traveling back and forth (the cookie) is not. By mimicking a person’s cookie over the same network, a hacker can access sites and perform malicious actions. Depending on the sites accessed while the hacker is monitoring the network, this could be anything from making false posts in that individual’s name to transferring money out of a bank account.

Hacking software has made it easier for hackers to carry out these attacks by monitoring the packets going back and forth. Cookie theft can be avoided by only logging in over SSL connections or using the HTTPS protocol to encrypt the connection. Otherwise, it is best not to access sites over unsecured networks.
JavaScript is one of the most common languages used on the web. It can automate and animate website components, manage website content, and carry out many other useful functions from within a webpage. The scripting language also has many functions which can be used for malicious purposes, including stealing a user's cookies containing passwords and other information.
Cookies are pieces of information that a website requests or maintains about the specific users who visit the page. These cookies contain information about how and when they visit, as well as authentication information for the site such as usernames and passwords. As these cookies must be in use whenever a visitor is active on a given website, an attacker who can intercept them can steal this information and use it to impersonate or catalog information about specific users.
JavaScript can be used to save or modify a user's cookies for a given domain. While this is usually done to create and use cookies for interactive web development, it becomes a valuable hacking technique if an attacker is able to maliciously view the same cookies. JavaScript-based attacks are especially effective when combined with tactics like code injection, as this allows malicious code to be executed on what appears to be an otherwise trusted website.
While we don't advocate stealing anyone's passwords, this guide covers a topic that any pentester or IT security professional must understand. If you don't know how black hat hackers do things, you'll never be able to catch them.
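
The two theft paths described above (cookies sent over an unencrypted connection, and cookies read by JavaScript) are each countered by a standard cookie attribute: Secure and HttpOnly. The following audit of Set-Cookie headers is an added example, not part of the original page; the function names and the sample headers are constructed for illustration.

```javascript
// Added example: flag Set-Cookie headers that leave a cookie exposed to
// network sniffing (no Secure) or to script access (no HttpOnly).

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [pair, ...rest] = parts;
  const eq = pair ? pair.indexOf('=') : -1;
  if (eq < 1) return null; // empty header or missing cookie name
  const attrs = new Map();
  for (const item of rest) {
    const i = item.indexOf('=');
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? item : item.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : item.slice(i + 1).trim());
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1), attrs };
}

// Return the findings for a single Set-Cookie header.
function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  if (!cookie) return [{ name: null, issue: 'malformed Set-Cookie header' }];
  const findings = [];
  if (!cookie.attrs.has('secure')) {
    findings.push({ name: cookie.name, issue: 'missing Secure: cookie is also sent over plain HTTP' });
  }
  if (!cookie.attrs.has('httponly')) {
    findings.push({ name: cookie.name, issue: 'missing HttpOnly: cookie is readable via document.cookie' });
  }
  return findings;
}

// Audit every Set-Cookie header of one response.
function auditResponse(headers) {
  return headers.flatMap(auditSetCookie);
}

// Constructed sample headers, not taken from any real site.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/',
  'sessionid=abc123; Path=/; Secure',
  'sessionid=abc123; Path=/; secure; HttpOnly',
  'theme=dark; Path=/; HTTPONLY',
  '=oops',
];

for (const f of auditResponse(SAMPLE_HEADERS)) console.log(`${f.name}: ${f.issue}`);
```
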







©Aldin Maxhuni
