SQL Injection Lab Part 3 – Extracting/Obtaining PHP Cookie

September 13, 2016 | Views: 6079


Welcome back Cybrarians!
Section 9: Obtain PHP Cookie

1. SQL Injection Menu

  • Instructions:
    1. Select “SQL Injection” from the left navigation menu.


2. Select Tamper Data

  • Instructions:
    1. Tools –> Tamper Data


3. Start Tamper Data

  • Instructions:
    1. Click on Start Tamper

4. Basic Injection

  • Instructions:
    1. Input “1” into the text box.
    2. Click Submit.

    • Notes(FYI):
      • The goal here is to see the GET request being made
        to the CGI program behind the scenes.
      • Also, we will use the “Surname” output with
        SQLMAP to obtain database username and password
        contents.


5. Tamper with request?

  • Instructions:
    1. Make sure the Continue Tampering? checkbox is
    unchecked.
    2. Then click Submit.


6. Copying the Referer URL

  • Instructions:
    1. Select the second GET Request
    2. Right Click on the Referer Link
    3. Select Copy


7. Open Notepad

  • Instructions:
    1. Applications –> Wine –> Programs –>
    Accessories –> Notepad


8. Paste Referer URL into Notepad

  • Instructions:
    1. Edit –> Paste


9. Copying the Cookie Information

  • Instructions:
    1. Right Click on the Cookie line
    2. Select Copy


10. Pasting the Cookie Information

  • Instructions:
    1. Edit –> Paste

    • Notes(FYI):
      • Now you should have copied both the Referer and
        Cookie lines into Notepad. (See Picture)
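
What the two lines copied into Notepad contain, as an added example that is not part of the original lab: the sketch below parses a captured GET request, splits the Referer URL into the parameters sent to the server, and splits the Cookie header into name/value pairs. The request, host name, path and cookie values are constructed placeholders; PHPSESSID is PHP's default session cookie name.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Constructed sample of a captured GET request. Host, path and cookie
# values are placeholders, not values taken from the lab.
CAPTURED_REQUEST = (
    "GET /lab/sqli/?id=1&Submit=Submit HTTP/1.1\r\n"
    "Host: lab.example\r\n"
    "Referer: http://lab.example/lab/sqli/?id=1&Submit=Submit\r\n"
    "Cookie: PHPSESSID=0123456789abcdef0123456789; lab_setting=low\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return the request headers as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def referer_parameters(headers):
    """Split the Referer URL into its path and decoded query parameters."""
    parts = urlsplit(headers.get("referer", ""))
    return parts.path, parse_qs(parts.query, keep_blank_values=True)


def cookie_pairs(headers):
    """Split the Cookie header into name/value pairs."""
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    return {name: morsel.value for name, morsel in jar.items()}


if __name__ == "__main__":
    hdrs = parse_headers(CAPTURED_REQUEST)
    path, params = referer_parameters(hdrs)
    print("Path:      ", path)
    print("Parameters:", params)   # the "1" typed into the text box is id
    print("Cookies:   ", cookie_pairs(hdrs))
```

The Referer line records which page and parameters produced the request, and the Cookie line carries the session identifier the server uses to recognise the logged-in browser.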


8 Comments
  1. well it's quite ok

  2. Is this supposed to be a supplement to an actual course?

    All three of these are literally step by step instructions on how to perform the labs, however I do not see any instructional material with an explanation of objectives.

    The only pre-requisite I found was that of being able to set up a VM.

  3. What's the point of just learning how to “get” the cookies? We want to understand how it actually works… that's what's useful at the end of the day.

  4. Why use a proxy just for that? Can't you get that from the Toggle Inspector or network monitor in the browser?

  5. Good, but you need more information to put into this article
