Spoofing an Admin’s Cookies Using Burp

Here is a quick little video I put together to show you how spoofing a users cookies works. This is not a real example, in most instances an application like Burp suite would be used in conjunction with a XSS attack or some equivalent attack. The objective is to get someone with higher privileges to log in with the desired credentials.

In this example, I intercept the administrators account cookie then use that same cookie to modify my own request, from a lower privileged user. This in turn grants me full access as the administrator, the application being none the wiser. Even after I logged out.

Again, the first part of the attack is not realistic, the second part is however.

Disclaimer: This is shared for instructional and awareness purposes only.

Leave a Comment