Using cookies to steal info from other cookies?

[bleeber 0]

Hey all,

So I play this little online game called World of Warcraft. The other day I had my account stolen from me and had to get on the phone with their technical support to have them reset my pass. While I was on the phone, I ran some anti-virus scans (AVG) and some malware scans (SB S&D). AVG came up fine but I had 7 bad cookies in firefox that showed up. This didn't really phase me at first and I just deleted my cookies and rescanned and everything was fine.

Later a friend sent me an article that stated that people were using code on their sites to steal your saved passwords from Firefox. Since the only thing I found was bad cookies I started searching about that. Some sites have provided information about cookies and the http referer to spoof cookies but I haven't found anything that appears to show how one may go about stealing cookies from other sites that are saved in your browser.

Does anyone know where I can find some docs on this or know how this was accomplished?

theBleeber

[Hiryu 0]

Most common way to steal cookies would be by using Cross Site Scripting or XSS. You inject a piece of (Javascript) code into a site that does a GET or POST to a site/page/url that you control with the cookie as a parameter.

An other way would be a trojan. I know there are trojans out there that specifically scan for gamekeys and game logins.

[PurpleJesus 12]

Why not just turn off saved passwords?? I know it's a bummer to remember all of them.... that's why I have a notebook full of them... and when I write them down, I like to transpose things so if someone were to come in and get the notebook they'll have to scratch their heads for a while trying to figure out my logic... which is screwy.

Also in firefox... tools/options/privacy... have it clear everything when close firefox.

Edited April 15, 2007 by PurpleJesus

[Vangald 0]

Why not just turn off saved passwords?? I know it's a bummer to remember all of them.... that's why I have a notebook full of them... and when I write them down, I like to transpose things so if someone were to come in and get the notebook they'll have to scratch their heads for a while trying to figure out my logic... which is screwy.

Also in firefox... tools/options/privacy... have it clear everything when close firefox.

Instead of when you close firefox I would get ccleaner or something of that nature and do it when I restart the computer or go in and do it manually when I feel paranoid. I say this cause I may be on the same site several times through out the day and may not feel like have to relog in every time, so I would assume others do the same. Also just because your account was stolen doesn't necessarily mean that your computer was hack, you yourself could of been hacked if anyone managed to squeeze info out of you. Also they could have just saw your user account name in game and then brute forced the password.

[bleeber 0]

I understand the techniques I could employ to protect myself in the future. What I was wondering is how, technically, this was done. The fact that this happened was annoying at best. What I am trying to learn is, how did they do it.

Thanks,

Edited April 16, 2007 by bleeber

[operat0r 0]

all your cookies r belong to us !

http://www.bindshell.net/tools/beef/