SLIDE 1
Stealing Web Browser Cookies
ben-holland.com
What's a cookie?
SLIDE 2
SLIDE 3
Web 2.0 – Cookies provide state
Examples:
- Items in shopping cart
- Authentication!
SLIDE 4
Cookies ≥ Passwords!
- Username + Password = Cookie
- If I know your authentication cookie value I don’t need your password!
- Sometimes cookies don’t expire for a really long time…
SLIDE 5
How can I get your cookies?
- Packet sniffing (wiretapping)
  – Wired networks
  – Wireless networks
    - (IASTATE vs eduroam)
  – HTTP vs. HTTPS
  – https://www.cookiecadger.com/
  – https://github.com/benjholla/tssk
SLIDE 6
How can I get your cookies?
- XSS (Cross Site Scripting) Attacks
  – How about you just send me your cookies…
  – HTTP Only Flag
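
The three exposures named so far (cookies sent over plain HTTP, cookies readable by script, cookies that stay valid for a long time) can all be checked from a site's `Set-Cookie` response headers. The following is an added example, not part of the original slides: the 30-day lifetime threshold is an assumed policy value and the sample headers are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 30  # assumed policy threshold, not taken from the slides
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for the samples
SAMPLE_HEADERS = [  # constructed Set-Cookie values
    "session=abc123; Path=/",
    "session=abc123; Path=/; Secure; HttpOnly; Max-Age=3600",
    "auth=xyz; Secure; HttpOnly; Expires=Sun, 21 Oct 2035 07:28:00 GMT",
    "remember=1; Secure; HttpOnly; Max-Age=31536000",
]

def audit_set_cookie(header, now=None):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is readable by page scripts")

    lifetime_days = None  # stays None for session cookies
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            lifetime_days = int(attrs["max-age"]) / 86400
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            lifetime_days = (expires - now).total_seconds() / 86400
    except (TypeError, ValueError):
        findings.append("unparseable Max-Age/Expires value")
    if lifetime_days is not None and lifetime_days > MAX_LIFETIME_DAYS:
        findings.append(f"lifetime of {lifetime_days:.0f} days exceeds policy")
    return name, findings

def audit_all(headers, now=None):
    """Audit several Set-Cookie values; returns a list of (name, findings)."""
    return [audit_set_cookie(h, now) for h in headers]

if __name__ == "__main__":
    for cookie, issues in audit_all(SAMPLE_HEADERS, SAMPLE_NOW):
        print(cookie, issues or "ok")
```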
SLIDE 7
How can I get your cookies?
- Client Side Attacks