Welcome to Cycubix Docs
  • Welcome to Cycubix Docs
  • Our Cybersecurity Training Courses
  • Application Security Series
    • Web Application Security Essentials
      • Introduction | Web Application Security Essentials | Cycubix Docs
      • WebGoat | Web Application Security Essentials | Cycubix Docs
        • WebGoat Installation | Web Application Security | Cycubix Docs
          • Stand-alone
          • Docker
        • WebGoat & WebWolf Run | Web Application Security | Cycubix Docs
        • WebGoat Configuration | Web Application Security | Cycubix Docs
        • WebWolf | Web Application Security | Cycubix Docs
          • Webwolf Upload | WebWolf | Web Application Security | Cycubix
          • Webwolf Mail | WebWolf | Web Application Security | Cycubix
          • WebWolf Landing Page | Web Application Security | Cycubix Docs
        • WebGoat & WebWolf System Requirements | Cycubix Docs
      • ZAP | Web Application Security Essentials | Cycubix Docs
        • ZAP | Download & Installation | Cycubix Docs
        • ZAP | Persist ZAP Session | Cycubix Docs
        • ZAP | ZAP Proxy | Cycubix Docs
      • WebGoat Labs | Web Application Security Essentials | Cycubix Docs
        • General | HTTP Basics | Cycubix Docs
          • General | HTTP Basics (1) | Cycubix Docs
          • General | HTTP Basics (2) | Cycubix Docs
          • General | HTTP Basics (3) | Cycubix Docs
        • General | HTTP Proxies | Cycubix Docs
          • General | HTTP Proxies (1) | Cycubix Docs
          • General | HTTP Proxies (2) | Cycubix Docs
          • General | HTTP Proxies (3) | Cycubix Docs
          • General | HTTP Proxies (4) | Cycubix Docs
          • General | HTTP Proxies (5) | Cycubix Docs
          • General | HTTP Proxies (6) | Cycubix Docs
          • General | HTTP Proxies (7) | Cycubix Docs
          • General | HTTP Proxies (8) | Cycubix Docs
          • General | HTTP Proxies (9) | Cycubix Docs
        • General | Developer Tools | Cycubix Docs
          • General | Developer Tools (1) | Cycubix Docs
          • General | Developer Tools (2) | Cycubix Docs
          • General | Developer Tools (3) | Cycubix Docs
          • General | Developer Tools (4) | Cycubix Docs
          • General | Developer Tools (5) | Cycubix Docs
          • General | Developer Tools (6) | Cycubix Docs
        • General | The CIA Triad | Cycubix Docs
          • General | The CIA Triad (1) | Cycubix Docs
          • General | The CIA Triad (2) | Cycubix Docs
          • General | The CIA Triad (3) | Cycubix Docs
          • General | The CIA Triad (4) | Cycubix Docs
          • General | The CIA Triad (5) | Cycubix Docs
        • A1:2021 | Broken Access Control | Cycubix Docs
          • A1:2021 | Hijack a Session | Cycubix Docs
            • A1:2021 | Hijack a Session (1) | Cycubix Docs
            • A1:2021 | Hijack a Session (2) | Cycubix Docs
          • A1:2021 | Insecure Direct Object Reference | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (1) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (2) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (3) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (4) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (5) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (6) | Cycubix Docs
          • A1:2021 | Missing Function Level Access Control | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (1) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (2) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (3) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (4) | Cycubix Docs
          • A1:2021 | Spoofing an Authentication Cookie | Cycubix Docs
            • A1:2021 | Spoofing an Authentication Cookie (1) | Cycubix Docs
            • A1:2021 | Spoofing an Authentication Cookie (2) | Cycubix Docs
        • A2:2021 | Cryptographic Failures | Cycubix Docs
          • A2:2021 | Crypto Basics (1) | Cycubix Docs
          • A2:2021 | Crypto Basics (2) | Cycubix Docs
          • A2:2021 | Crypto Basics (3) | Cycubix Docs
          • A2:2021 | Crypto Basics (4) | Cycubics Docs
          • A2:2021 | Crypto Basics (5) | Cycubix Docs
          • A2:2021 | Crypto Basics (6) | Cycubix Docs
          • A2:2021 | Crypto Basics (7) | Cycubix Docs
          • A2:2021 | Crypto Basics (8) | Cycubix Docs
          • A2:2021 | Crypto Basics (9) | Cycubix Docs
        • A3:2021 | Injection | Cycubix Docs
          • A3:2021 | SQL Injection Intro | Cycubix Docs
            • A3:2021 | SQL Injection Intro (1) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (2) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (3) | Cycubix Docs
            • A3:2021 | SQL injection Intro (4) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (5) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (6) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (7) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (8) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (9) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (10) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (11) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (12) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (13) | Cycubix Docs
          • A3:2021 | SQL Injection Advanced | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (1) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (2) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (3) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (4) | Cycubix Docs
            • A3:2021 |SQL Injection Advanced (5) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (6)| Cycubix Docs
          • A3:2021 | Injection | SQL Injection Mitigation | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (1) | Cycubics Docs
            • A3:2021 | SQL Injection Mitigation (2) |
            • A3:2021 | SQL Injection Mitigation (3) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (4) | Cycubix Docs
            • A3:2021 | SQL injection Mitigation (5) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (6) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (7) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (8) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (9) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (10) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (11) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (12) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (13) | Cycubix Docs
          • A3:2021 | Cross-Site Scripting (XSS) | Cycubix Docs
            • A3:2021 | Cross Site Scripting XXS (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (2) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (3) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (4) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (5) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (6) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (7) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (8) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (9) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (10) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (11) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (12) | Cycubix Docs
          • A3:2021 | Cross Site Scripting Stored | Cycubix Docs
            • A3:2021 | Cross Site Scripting Stored (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Stored (2)
            • A3:2021 | Cross Site Scripting Stored (3) | Cycubix Docs
          • A3:2021 | Cross Site Scripting Mitigation | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (2) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (3) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (4) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (5) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (6) |
          • A3:2021 | Path Transversal | Cycubix Docs
            • A3: 2021 | Path Transversal (1) | Cycubix Docs
            • A3:2021 | Path Transversal (2) | Cycubix Docs
            • A3:2021 | Path Transversal (3) | Cycubix Docs
            • A3:2021 | Path Transversal (4) | Cycubix Docs
            • A3:2021 | Path Transversal (5) | Cycubix Docs
            • A3:2023 | Path Transversal (6) | Cycubix Docs
            • A3:2021 | Path Transversal (7) | Cycubix Docs
            • A3:2021 | Path Transversal (8) | Cycubix Docs
        • A5:2021 | Security Misconfiguration | Cycubix Docs
          • A5:2021 | Security Misconfiguration (1) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (2) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (3) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (4) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (5) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (6) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (7) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (8) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (9) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (10) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (11) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (12) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (13) | Cycubix Docs
        • A6:2021 | Vulnerable and Outdated Components | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (1) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (2) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (3) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (4) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (5) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (6) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (7) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (8) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (9) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (10) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (11) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (12) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (13) | Cycubix Docs
        • A7:2021 | Identity and Authentication Failure | Cycubix Docs
          • A7:2021 | Authentication Bypasses | Cycubix Docs
            • A7:2021 | Authentication Bypasses (1) | Cycubix Docs
            • A7:2021 | Authentication Bypasses (2) | Cycubix Docs
          • A7:2021 | Insecure Login | Cycubix Docs
            • A7:2021 | Insecure Login (1) | Cycubix Docs
            • A7:2021 | Insecure Login (2) | Cycubix Docs
          • A7: 2021 | JWT Tokens | Cycubix Docs
            • A7: 2021 | JWT Tokens (1) | Cycubix Docs
            • A7: 2021 | JWT Tokens (2) | Cycubix Docs
            • A7: 2021 | JWT Tokens (3) | Cycubix Docs
            • A7: 2021 | JWT Tokens (4) | Cycubix Docs
            • A7: 2021 | JWT Tokens (5) | Cycubix Docs
            • A7: 2021 | JWT Tokens (6) | Cycubix Docs
            • A7: 2021 | JWT Tokens (7) | Cycubix Docs
            • A7: 2021 | JWT Tokens (8) | Cycubix Docs
            • A7: 2021 | JWT Tokens (9) | Cycubix Docs
            • A7: 2021 | JWT Tokens (10) | Cycubix Docs
            • A7: 2021 | JWT Tokens (11) | Cycubix Docs
            • A7: 2021 | JWT Tokens (12) | Cycubix Docs
            • A7: 2021 | JWT Tokens (13) | Cycubix Docs
            • A7: 2021 | JWT Tokens (14) | Cycubix Docs
            • A7: 2021 | JWT Tokens (15) | Cycubix Docs
            • A7: 2021 | JWT Tokens (16) | Cycubix Docs
            • A7: 2021 | JWT Tokens (17) | Cycubix Docs
            • A7: 2021 | JWT Tokens (18) | Cycubix Docs
            • A7: 2021 | JWT Tokens (19) | Cycubix Docs
          • A7:2021 | Password Reset | Cycubix Docs
            • A7:2021 | Password Reset (1) | Cycubix Docs
            • A7:2021 | Password Reset (2) | Cycubix Docs
            • A7:2021 | Password Reset (3) | Cycubix Docs
            • A7:2021 | Password Reset (4) | Cycubix Docs
            • A7:2021 | Password Reset (5) | Cycubix Docs
            • A7:2021 | Password Reset (6) | Cycubix Docs
            • A7:2021 | Password Reset (7) | Cycubix Docs
          • A7:2021 | Secure Passwords | Cycubix Docs
            • A7:2021 | Secure Passwords (1) | Cycubix Docs
            • A7:2021 | Secure Passwords (2) | Cycubix Docs
            • A7:2021 | Secure Passwords (3) | Cycubix Docs
            • A7:2021 | Secure Passwords (4) | Cycubix Docs
            • A7:2021 | Secure Passwords (5) | Cycubix Docs
            • A7:2021 | Secure Passwords (6) | Cycubix Docs
        • A8:2021 | Software and Data Integrity | Cycubix Docs
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (1) | Cycubix Docs
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (2) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (3) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (4) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (5) | Cycubix Doc
        • A9:2021 | Security Logging Failures | Cycubix Docs
          • A9:2021 | Logging Security (1) | Cycubix Docs
          • A9:2021 | Logging Security (2) | Cycubix Docs
          • A9:2021 | Logging Security (3) | Cycubix Docs
          • A9:2021 | Logging Security (4) | Cycubix Docs
          • A9:2021 | Logging Security (5) | Cycubix Docs
        • A10: 2021 | Server Side Request Forgery | Cycubix Docs
          • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (1) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (2) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (3) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (4) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (5) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (6) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (7) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (8) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (9) | Cycubix Docs
          • A10:2021 | Client Side Request Forgery | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (1) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (2) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (3) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (4) | Cycubix Docs
        • Client Side | Cycubix Docs
          • Client Side | Bypass Front End Restrictions | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (1) | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (2) | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (3) | Cycubix Docs
          • Client Side Filtering | Cycubix Docs
            • Client Side | Client Side Filtering (1) | Cycubix Docs
            • Client Side | Client Side Filtering (2) | Cycubix Docs
            • Client Side | Client Side Filtering (3) | Cycubix Docs
          • Client Side | HTML Tampering | Cycubix Docs
            • Client Side | HTML Tampering (1) | Cycubix Docs
            • Client Side | HTML Tampering (2) | Cycubix Docs
            • Client Side | HTML Tampering (3) | Cycubix Docs
        • Challenges | Cycubix Docs
          • Challenges | Admin Lost Password | Cycubix Docs
          • Challenges | Without password | Cycubix Docs
          • Challenges | Admin Password Reset | Cycubix Docs
          • Challenges | Without Account | Cycubox Docs
  • ISC2 Courses
    • CCSP
      • CCSP Domains
      • CCSP Resource Materials
        • CCSP Mind Map | Cycubix Docs
        • CCSP Official Study Guide
        • CCSP Official Practice Tests
        • CCSP Online Test Bank
    • CISSP
      • CISSP Domains
        • Domain 1: Security and Risk Management
        • Domain 2: Asset Security
          • Link Encryption vs End-to-End Encryption
        • Domain 3: Security Architecture and Engineering
        • Domain 4: Communication and Network Security
        • Domain 5: Identity and Access Management (IAM)
        • Domain 6: Security Assessment and Testing
        • Domain 7: Security Operations
        • Domain 8: Software Development Security
      • CISSP Resource Materials
        • CISSP Official Flashcards
        • CISSP Mind Map | Cycubix Docs
        • CISSP Exam Outline
        • CISSP Official Study Guide
        • CISSP Official Practice Tests
        • CISSP Online Test Bank
        • CISSP Glossary
    • CSSLP
      • CSSLP Resource Materials
        • ISC2 CSSLP Official Flashcards
        • CSSLP Mind Map | Cycubix Docs
        • CSSLP Exam Outline | Cycubix Docs
    • Lexicon
      • A
      • B
  • AWS Courses
    • AWS Certified Security – Specialty (SCS-C02)
  • Crowdstrike
    • Troubleshooting Mac Devices
      • Mac sensors on macOS Ventura may fail to remove Falcon.app when uninstalling
      • System Extensions not activated
  • Jamf
    • Jamf Protect
Powered by GitBook
On this page

Was this helpful?

  1. Application Security Series
  2. Web Application Security Essentials
  3. WebGoat Labs | Web Application Security Essentials | Cycubix Docs
  4. A1:2021 | Broken Access Control | Cycubix Docs
  5. A1:2021 | Spoofing an Authentication Cookie | Cycubix Docs

A1:2021 | Spoofing an Authentication Cookie (2) | Cycubix Docs

PreviousA1:2021 | Spoofing an Authentication Cookie (1) | Cycubix DocsNextA2:2021 | Cryptographic Failures | Cycubix Docs

Last updated 10 months ago

Was this helpful?

Attempt to bypass the authentication mechanism by spoofing an authentication cookie.

Notes about the login system

  • When a valid authentication cookie is received, the system will automatically log in the user.

  • If a cookie is not sent, but the provided credentials are correct, the system will generate an authentication cookie.

  • Login attempts will be denied under any other circumstances.

*Please pay close attention to the feedback messages you receive during the attacks.*

Known credentials:

user name
password

webgoat

webgoat

admin

admin

Goal

Once you have a clear understanding of how the authentication cookie is generated, attempt to spoof the cookie and log in as Tom.

Solution

  • Turn on the Interceptor (Burp) or Break (ZAP).

  • Enter the known user credentials (webgoat/admin).

  • What results you can compare: WebGoat and Admin have their own spoofed cookie but as you continue to log in you will notice that the spoof cookie for each login maintains its value.

Admin Cookie= NDE1MTc5NjI3MjU3NTg1NTRjNTc2ZTY5NmQ2NDYx

WebGoat Cookie= NDE1MTc5NjI3MjU3NTg1NTRjNTc3NDYxNmY2NzYyNjU3Nw==

  • After you encode the spoofed cookies into UTF-8 you will receive the folowing values:

Admin= 41517962725758554c576e696d6461

WebGoat= 41517962725758554c5774616f67626577

Admin spoofed cookie into text= AQybrWXULWnimda

WebGoat spoofed cookie into text= AQybrWXULWtaogbew

We can see the characteristics of the encoding values, keeping the first part the same and spelling backwards the user name.

  • Now go to the section of string reverser on CodeBeautify to reverse the string:

Admin= adminWLUXWrbyQA

WebGoat= webgoatWLUXWrbyQA

  • Now replace on the reversed string Admin or WebGoat into TOM.

AQybrWXULWmoT

  • Then go back to the section of String to HEX in CodeBeautify, and encode the above string.

41517962725758554c576d6f54

  • Go into the Base64Encode Website and Encode the string into UTF-8.

NDE1MTc5NjI3MjU3NTg1NTRjNTc2ZDZmNTQ=

  • How do we authenticate the new authentication cookie?

Find the corresponding POST request. Forward it to the Repeater (Burp) or Manual Reuqest Editor (ZAP).

Add after Cookie JSESSIONID the spoofed authentication.

Send the Request and you will get the following message:

With the manipulation of the authenticated cookie we can now impersonate another user, in this case TOM.

What is the encoding Scheme?:

UTF-8 encodes in HEX values, meaning in 8 BITS. We can use a Converter from HEX to Text ().

https://www.base64decode.org/
https://codebeautify.org/hex-string-converter