Request Questions How To Use Cookies/OAuth Information From Logs?
- Thread starter
- Thread Author
- #1
I've been sifting through several logs here and obviously people are able to use cookies in some capacity to log into websites. I would assume that they are using some anti-detect browser to control their fingerprint/user agent to match that of the original user, however does this only work with an active session? Are these logs otherwise useless? Having all of these URLs, usernames, and passwords is great but you can really only get so far. Is there a method to using stale cookies via editing or do you need to really just have access to active cookies?
I also have considered OAuth tokens, maybe some way to re-authenticate using them. I am also aware that App Passwords are generated for old-school applications to circumvent 2FA which could be useful.
I'm simply just looking for some sauce here, I know information on how to use this data is generally kept close to those who figure it out but if anyone is willing to share some expertise I would greatly appreciate it. Not looking to pay for information so please none of that, if I need to I will just figure it out.
Ideally just trying to figure out if it's possible to circumvent 2FA or really how to make any of this information useful. If the answer is just phishing for the 2FA then so be it, would appreciate tips on this as well - seems pretty straight forward though.
Also any recommendations for apps or software that might be helpful going through any of this information for Linux would be greatly appreciated.
I also have considered OAuth tokens, maybe some way to re-authenticate using them. I am also aware that App Passwords are generated for old-school applications to circumvent 2FA which could be useful.
I'm simply just looking for some sauce here, I know information on how to use this data is generally kept close to those who figure it out but if anyone is willing to share some expertise I would greatly appreciate it. Not looking to pay for information so please none of that, if I need to I will just figure it out.
Ideally just trying to figure out if it's possible to circumvent 2FA or really how to make any of this information useful. If the answer is just phishing for the 2FA then so be it, would appreciate tips on this as well - seems pretty straight forward though.
Also any recommendations for apps or software that might be helpful going through any of this information for Linux would be greatly appreciated.