EvilZone

Hacking and Security => Hacking and Security => : Vingilot May 06, 2014, 07:36:28 AM

: Regaining access to a secured website I am still technically logged into.
: Vingilot May 06, 2014, 07:36:28 AM

So I have a slightly weird query, and here's hoping someone may know how to help me out.  I'll try my best to explain.

I was recently let go from my job, which I accessed from home via their corporate portal.  When they laid me off, my home computer was still logged into the system, and as long as I didn't close the window it I was still able to access everything. 

Now, my computer restarted automatically much to my chagrin, and I am lo longer able to view the website on my computer.  However, I regularly accessed the website on my smart phone, and surprisingly I still have access on my phone, since I never signed out there (or plan to).  I can still see schedules and everything on my phone, and it still thinks I am logged in.

My question is this:  is there a way I can use my foot in the door (the site being open on my phone) to regain access on my computer? 

: Re: Regaining access to a secured website I am still technically logged into.
: proxx May 06, 2014, 07:40:23 AM

Well since the ethical nor the offical part is any of my concern.
You probably have a session ID/cookie stored on the phone.
Theoretically the same token can be used/inserted on an other device.
You will need some way of extracting this from the mobile device.
If you proxy your phone through your PC and run something like BURP you might be able to go from there.
However I think , considering your question this might be a big leap from a beginners standpoint.
And if there is one thing we dont do here is spoonfeeding random visitors, either learn and ask if needed or just gtfo.

: Re: Regaining access to a secured website I am still technically logged into.
: Kulverstukas May 06, 2014, 11:25:38 AM

The hardest part in this is extracting the cookie from your phone, can't suggest anything on this because you didn't state your phone model. Importing should be easy, since cookies are standardized.

: Re: Regaining access to a secured website I am still technically logged into.
: proxx May 06, 2014, 12:11:36 PM

: Kulverstukas  May 06, 2014, 11:25:38 AM

The hardest part in this is extracting the cookie from your phone, can't suggest anything on this because you didn't state your phone model. Importing should be easy, since cookies are standardized.

I think catching it with a HTTP proxy is the universal way to go on this one.
Heck of a lot easier than all sorta crappy apps.