Rookie Academy of crack Session cookie method-vulnerability warning-the black bar safety net

ID MYHACK58:62200924679
Type myhack58
Reporter 佚名
Modified 2009-09-17T00:00:00


The so-called session cookies, is a platform in you after a successful login, a cookie that indicates you have passed verification, but with the General cookie is different, he will not be there on your hard drive, that is to say: before you leave the browser, it will disappear, which means: the next time you reopen the browser, and then into this Station, this cookie was gone.

set win=external. menuArguments

s = The win. document. cookie

for each i in split(s,"; ")

document. cookie = i & "; expires=Thu, 1 Jan 2 0 9 9 0:0:0 UTC"


The principle is simple: is the session cookie is read out, and then put His the expire date back to more than a dozen years later, it's that simple..

With this the benefits?

1. Some platforms use the session cookie, so you can only use IE to download, and can not be used flashget to catch(because flashget can't catch the session cookie), with this program, you can break these platforms directly with flashget, nettransport catch.

2. Like holio such site, login after, ran once, after that you can free login, no authentication, directly into the page, (the Statute of limitations, see the asp session, and is generally 1 day or so)

3. Crack some simple website, such as softking(have not registered, can only query three times, otherwise you want to turn off the browser again the unreasonable limit)in softking, run once, then the cookie is always check,softview=1.. that is, no matter what you query and how many times to send the cookie value is always 1 cause the browsing limit to cancel.

4. Login Forum, smack of the forum to save a Cookie time limit is not long enough? Own plus to 5 0 years?..

5. Crack the need to manually input the screen can see the gif digital front door (only manually enter the time,save the cookie,brute force)

Well, then how to run this program?

[General usage: suitable for use in: IE, Sleipnir, MyIE2, and all browser]

Plus in IE right mouse button(that is, you have to run FlashGET catch the file, press the right mouse button, and then select the download that is IE right mouse button)to put the following this procedures, there c:\winnt\web\pcookie.htm



Then following this the REG document, there is c:\winnt\web\pcookie.reg


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\(&P)cookie]@="c:/winnt/web/pcookie.htm""Contexts"=dword:000000ff


Perform the reg document, after reopening IE, in IE the right mouse button inside the use.

[Sleipnir only]

On the top of the URL bar, to the right there is a green arrow, that is AddrMenu, Press Go, select"Edit extension menu"in AddrMenu. INI, the bottom line, add this line(the following 3 lines need to connected into 1 line)


(&P)cookies|javascript:var ar = document. cookie. split("; "); for (i=0; i


Modify the memory disc after the selected"to re-load extended menu", you can use the..