Cookie Stealing or Scraping: Why do Hackers want your Cookies?
A Computer Cookie is a small data packet or a tiny file that websites store on a user’s computer. Normally, cookies are harmless. The aim of creating website cookies is to enhance the users’ internet surfing experience. Every web browser has an option to enable and disable the cookies. By remembering the users’ history, cookies help websites improve their products and services.
Cookies also track users’ behavior which helps companies show them the most relevant ads. Website cookies are also useful in saving login time by storing the login details of the users. All the website cookies store users’ information in the form of hash data. When data is hashed, only the website it came from can read it. This is because the website uses a unique algorithm to encode and decode the hashed data. If a hacker knows the hash algorithm the website is using, the user’s data can be compromised.
What is Cookie Stealing or Scraping?
Cookie Stealing or Cookie Scraping is also referred to as Session Hijacking or Cookie Hijacking. In this attack, the attacker takes over the user’s session. A session starts when a user logs into a particular service, say, internet banking, and ends when he logs out of it. The attack relies on how much knowledge the hacker has about the users’ session cookies.
In many cases, when a user logs into a web application, the server sets a temporary session cookie in the web browser. This temporary session cookie indicates that the user is currently logged into a particular session. A successful session hijacking cannot be performed unless the hacker knows the victim’s session key or session ID. If he is able to steal the session cookies, he can take over the user’s session. Another way of stealing the user’s cookies is to force him to click on malicious links.
Different Methods of Cookie Stealing and Session Hijacking
Attackers have many methods to steal the cookies and hijack the user’s sessions. We are listing here some of the most common methods.
1] Session Fixation
Session fixation is a type of phishing attempt. In this method, the attacker sends a malicious link to the targeted user via email. When the user logs into his account by clicking on that link, the hacker will know the user’s session ID. He then takes over the user’s session. The entire process of session fixation is as follows:
- A hacker determines that a particular URL, say, HTTP://www.xyz.com/ has no security validation and accepts any session identifier.
- He then sends a phishing email to the user saying, “Hi there, please check out this new feature of our banking app.” On clicking, the link redirects the user to HTTP://www.xyz.com/login?SID12345. Here, the hacker is attempting to fixate the SID (session ID) 12345.
- When the victim logs into the session successfully, the hacker takes over the session and can access the victim’s account.
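The flaw behind these three steps, and the server-side fix, as an added example that is not part of the original article: a session store that adopts whatever identifier the client supplies, next to one that only recognises identifiers it issued and replaces the ID at login. `SessionStore`, `simulate` and the in-memory dictionary are hypothetical names used for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (hypothetical, for illustration)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session ID -> username (None before login)

    def open_session(self, client_sid=None):
        """Return the session ID the server will use for this visitor."""
        if self.hardened:
            # Hardened: only IDs this server issued earlier are recognised.
            if client_sid in self.sessions:
                return client_sid
            sid = secrets.token_urlsafe(32)
        else:
            # Vulnerable: any identifier taken from the URL is adopted as-is.
            sid = client_sid or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, username):
        """Bind the authenticated user to a session and return its ID."""
        if self.hardened:
            # Hardened: discard the pre-login ID and issue a fresh one.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def simulate(store, planted_sid="12345"):
    """A user follows a link carrying planted_sid and then logs in.
    Returns the account that planted_sid maps to afterwards."""
    sid = store.open_session(client_sid=planted_sid)
    store.login(sid, "victim")
    return store.whoami(planted_sid)


if __name__ == "__main__":
    print("vulnerable:", simulate(SessionStore(hardened=False)))
    print("hardened:  ", simulate(SessionStore(hardened=True)))
```

Regenerating the ID at login also covers the case where the planted identifier was one the server itself issued before authentication.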
2] Session Sniffing
In this method, the hacker employs a packet sniffer. A packet sniffer is a piece of hardware or software that helps monitor network traffic. Since session cookies are part of the network traffic, session sniffing allows the hackers to find and steal them easily. What makes the sites vulnerable to session sniffing? When the SSL/TLS encryption is used only on the login pages and not on the rest of the website, hackers can use a packet sniffer to monitor the website traffic and steal the website cookies.
Open Wi-Fi networks are more prone to such types of hacking attacks because there is no user authentication required to connect with them. Hackers can use packet sniffers on public Wi-Fi networks to monitor the traffic and steal the cookies of different users. On such Wi-Fi networks, hackers can also perform man-in-the-middle attacks by creating their own access points.
3] Cross-site Scripting (XSS)
In a cross-site scripting attack, the hacker fools the user’s computer system so that it treats malicious code as safe because it seems to come from a trusted server. When the script runs, the hacker gets access to steal the cookies. When a server or a website lacks essential security parameters, hackers can easily inject client-side scripts, such as JavaScript, into the webpages. This leads the web browser to execute the code when the user lands on the compromised page.
4] Malware Attack
Hackers can also steal cookies with malware programs. They develop malware to perform packet sniffing, making it easy for them to steal the session cookies. Malware enters the user’s computer system when he visits unsecured websites or clicks on malicious links. After entering the user’s PC, it starts searching for the session cookies. When it finds them, it steals them and sends them to the hacker.
Why do Hackers want your Cookies?
Hackers are always on the lookout for cookies. But the question is, “What do they actually do with the stolen cookies?” We are listing here the top 5 reasons why hackers want your cookies.
1] Cookie Scraping is a Profitable Business
Because cookies contain sensitive information of the users, like credit card details, login details on different accounts, etc., hackers can earn handsome money by selling these details to cybercriminals. They can find cybercriminals easily on the dark web.
2] Stolen Cookies are the Fuel for Identity Theft
When you fill in your details on different online platforms, your information is saved in website cookies. If the hackers are able to steal cookies from these websites, they can perform identity theft. For example, they can take loans in your name or use your credit card for expensive purchases.
3] Hackers can Take Over your Account
You might have seen that when you land again on a website such as Gmail or Facebook, it already displays your username and you just have to enter your password. This is how cookies make internet surfing easier for users by saving their login information. If hackers steal these cookies, they can take over your account and use it for illegal activities. If your account includes payment details, it can cost you dearly.
4] Hackers can use Stolen Cookies to Target Phishing Attacks
Hackers get users’ personal information by stealing their cookies. They can use this information for phishing attacks. A phishing attack is a fraudulent attempt to get the users’ sensitive information. Once hackers succeed in obtaining the users’ sensitive information, they can extort them and demand a significant amount to protect their information from being compromised.
5] Hackers can Harm Companies by Stealing their Cookies
Hackers can also cause financial harm to companies by stealing their cookies. Because cookies may contain companies’ confidential data, hackers can demand large sums of money. Sometimes, cybercriminals or hackers can also try to get authorized access to the companies’ networks in order to spy on them or to inject malware.
How can website owners prevent Cookie Stealing?
Being a website owner, you should know the essential tips to prevent cookie scraping.
1] Install an SSL Certificate
There is a continuous data transfer between the user’s web browser and the webserver. An SSL certificate sends this data (cookies) in an encrypted format so that the hacker cannot read it. A website without an SSL certificate transfers this data in plain text. Hackers can easily read this plain text. Therefore, you should always install an SSL certificate on your website.
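A certificate encrypts the connection, but the browser still sends a cookie over plain HTTP unless the cookie itself carries the `Secure` attribute, and injected script can read it unless it carries `HttpOnly`. The check below is an added example, not code from the original article; the sample `Set-Cookie` values are constructed and the session cookie names are assumptions.

```python
# Constructed sample: Set-Cookie values as a server might send them.
SAMPLE_HEADERS = [
    "SID=3f9a1c; Path=/",
    "SID=3f9a1c; Path=/; Secure",
    "SID=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Max-Age=31536000",
]

# Assumed names of cookies that carry a session identifier.
SESSION_COOKIE_NAMES = {"sid", "sessionid", "phpsessid"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_cookie(value):
    """Return the weaknesses found in one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(value)
    if name.lower() not in SESSION_COOKIE_NAMES:
        return []  # only session identifiers are in scope here
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")    # also sent over plain HTTP: sniffable
    if "httponly" not in attrs:
        findings.append("no-httponly")  # readable by script in the page
    return findings


def audit_all(headers):
    """Map each Set-Cookie value to its list of findings."""
    return {header: audit_cookie(header) for header in headers}


if __name__ == "__main__":
    for header, findings in audit_all(SAMPLE_HEADERS).items():
        print(f"{header!r}: {findings or 'ok'}")
```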
2] Install a Security Plugin
You should install a WordPress Security Plugin on your website. The security plugin helps protect your website from hacking attempts and also blocks malicious IP addresses. In addition to this, it scans your website regularly and alerts you if any malicious code enters your website. The security plugin provides you with a facility to clean your website instantly. With the security plugins, you can detect hacking attempts and take appropriate action before they cause any harm.
3] Update your Website
Always keep your website up to date. If you have any outdated software or plugins on your website, consider removing them as they may open many vulnerable spots for hackers to steal your confidential data via cookie stealing.
How can website visitors prevent Cookie Stealing?
We are sharing some security tips that help website visitors prevent cookie scraping.
1] Install a Trusted Antivirus
Antivirus software protects your system from all types of phishing and malicious attacks by hackers. It also blocks potentially dangerous websites. You should run a full system antivirus scan regularly to kill all the viruses and malware hidden in your system.
2] Avoid clicking Suspicious Links
Hackers send lucrative offers to their victims via email. These emails contain suspicious links. Never click on such links as your cookie data and personal information may be compromised.
3] Never store Sensitive Information on Web Browsers
Web browsers have an option to save passwords. You should never save your passwords on your web browsers, no matter which browser you are using. If you save your password, anyone can log into your account on your system in your absence. Apart from this, hackers may steal your saved passwords.
4] Clear Cookies regularly
Make a habit of clearing the saved cookies before you exit web browsing. Alternatively, you can use private browsing. All web browsers have a private browsing feature. When you surf the internet in incognito mode, all your browsing history and cookie data will be deleted automatically on exit.
We hope this article gave you sufficient information on cookie stealing or session hijacking. Please follow the remedies listed here to protect your cookie data from being stolen.