SQL Injection Lab Part 3 – Extracting/Obtaining PHP Cookie

September 13, 2016 | Views: 6181

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Welcome back Cybrarians!
Section 9: Obtain PHP Cookie

1. SQL Injection Menu

  • Instructions:
    1. Select “SQL Injection” from the left navigation menu.


2. Select Tamper Data

  • Instructions:
    1. Tools –> Tamper Data


3. Start Tamper Data

  • Instructions:
    1. Click on Start Tamper

4. Basic Injection

  • Instructions:
    1. Input “1” into the text box.
    2. Click Submit.

    • Notes(FYI):
      • The goal here is see the GET request being made
        to the CGI program behind the scenes.
      • Also, we will use the “Surname” output with
        SQLMAP to obtain database username and password


5. Tamper with request?

  • Instructions:
    1. Make sure the Continue Tampering? textbox is
    2. Then Click Submit


6. Copying the Referer URL

  • Instructions:
    1. Select the second GET Request
    2. Right Click on the Referer Link
    3. Select Copy


7. Open Notepad

  • Instructions:
    1. Applications –> Wine –> Programs –>
    Accessories –> Notepad


8. Paste Referer URL into Notepad

  • Instructions:
    1. Edit –> Paste


9. Copying the Cookie Information

  • Instructions:
    1. Right Click on the Cookie line
    2. Select Copy


10. Pasting the Cookie Information

  • Instructions:
    1. Edit –> Paste

    • Notes(FYI):
      • Now you should have copied both the Referer and
        Cookie lines into Notepad. (See Picture)


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. well it quiet ok

  2. Is this supposed to be a suppliment to an actual course?

    All three of these are literally step by step instructions on how to perform the labs, however I do not see any instructional material with an explanation of objectives.

    The only pre-requisite I found was that of being able to set up a VM.

  3. Whats the point of just learning how to “get” the cookies. We want to understand how it actually works…thats whats useful at the end of the day.

  4. why use proxy just for that? cant u get that from the Toggle Inspector or network monitor in the browser?

  5. Good but you need more informations toput into this article

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?