Thread: What protection does GMail have against cookie injection / poisoning?

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    7

    What protection does GMail have against cookie injection / poisoning?

    I'm learning about the capabilities and limitations of cookie injection within my local network. Using airmon-ng, airodump-ng, and wifizoo, I am able to passively (i.e. NON MOTM) capture the packets no problem, and view the cookies in wifizoo.

    For both the victim and "hack" machine, I cleared all cookies. To test performance on different sites, on my secondary "victim" computer I visited Facebook, GMail, and UbuntuForums. In each, I logged into the websites on the victim computer and captured packets on the hack machine.

    I am able to inject the cookies for both Facebook and UbuntuForums no problem. But I have a real hard time with GMail. When I visit Google or mail.google.com, it asks me to log in. Yet if I search, the Google email address appears in the top right corner. So a cookie was injected, just not enough to access GMail (or change my settings).

    So I am wondering: Am I just executing wrong? Or does GMail just have better protection against cookie poisoning? If the latter, is it due to how GMail has SSL login? Is it possible to inject cookies for GMail with just passive packet capture?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: What protection does GMail have against cookie injection / poisoning?

    Can you describe the details of the cookie injection attack you are attempting? Are you actually talking about capturing cookie data from these sniffed sessions and using them in your browser to access the service as the user who owns the cookie?

    If you want to know more about how the GMail authentication works, I'd recommend capturing the logon in an interception proxy like Burp and watching the Set-Cookie directive returned by the webserver to a successful login. That will let you know the domain of the cookie and whether it has properties such as "Secure" that will require transport via https.

    *The standard disclaimer about not using this method to access anyone else's accounts goes here*

  3. #3
    Just burned his ISO
    Join Date
    May 2010
    Posts
    7

    Re: What protection does GMail have against cookie injection / poisoning?

    Lupin, that is exactly what I was trying for all three sites: passively capture packets using airodump and opening the .cap later and injecting into browser via wifi.

    I was shocked at how simple it was to sidejack a session. And then noticed that it didn't work for GMail. So first I was curious if I was just plain doing it wrong for GMail and I messed up in a GMail sidejack attempt.

    If I didn't mess up and GMail in fact provided a more secure cookie measure, I was then curious what is it exactly GMail is doing to make it more secure.

    So it sounds like if I inspect via Burp proxy and compare a GMail http-session with another one like Facebook, I may get a better understanding. When I have a chance I'll give it a shot. (It'll be a good learning exercise!)
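
Added example, not part of any post in this thread: a small Python audit of the `Set-Cookie` attributes lupin mentions (cookie domain and the "Secure" flag), which a site owner can run over their own login responses to see which cookies a browser would still send over unencrypted http. The header lines, cookie names and the `example.test` domain are constructed sample data, and the function names are this example's own.

```python
# Added example: audit Set-Cookie headers for the Domain and Secure attributes.
# All header values below are constructed; example.test is a placeholder domain.
SAMPLE_HEADERS = [
    "Set-Cookie: session_id=abc123; Domain=.example.test; Path=/",
    "Set-Cookie: AUTH=def456; Domain=mail.example.test; Path=/; Secure; HttpOnly",
    "Set-Cookie: prefs=lang-en; Domain=.example.test; Path=/; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]


def parse_set_cookie(header):
    """Return a dict describing one Set-Cookie header line."""
    if header.lower().startswith("set-cookie:"):
        header = header[len("set-cookie:"):]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie header: %r" % header)
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() or True
    return {
        "name": name.strip(),
        "value": value.strip(),
        "domain": attrs.get("domain"),  # None means host-only cookie
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
    }


def exposed_on_plain_http(headers):
    """Names of cookies the browser would also send over unencrypted http."""
    return [c["name"] for c in map(parse_set_cookie, headers) if not c["secure"]]


def report(headers):
    """One human-readable line per cookie."""
    lines = []
    for c in map(parse_set_cookie, headers):
        transport = "https only" if c["secure"] else "http and https"
        script = "hidden from scripts" if c["httponly"] else "readable by scripts"
        lines.append("%-12s domain=%s sent over %s, %s"
                     % (c["name"], c["domain"], transport, script))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HEADERS)))
    print("Missing Secure:", exposed_on_plain_http(SAMPLE_HEADERS))
```

Any session cookie this lists under "Missing Secure" travels in clear text whenever the browser makes an http request to a matching domain, so the fix on the server side is to set `Secure` on it and serve the whole session over https.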
