Cookie Attacks
About#
- I just wandered the Internet and encountered cookie tossing by a tweet from S1r1us
- Here is just a collection of writeups related to this technique, along with other researches related to cookie security.
Researches#
- Cookie tossing video by Reconless: Very quick introduction on how this attack works. Research covered by this video: Cookie Tossing to RCE on Google Cloud Jupyter lab.
- The cookie monster in our browsers: Very detailed research by filedescriptor on cookie security and attacks. Some notable mentions are cookie tossing, cookie bombing. There is a follow up research using these concepts to elevate vulnerabilities.
- Yummy cookies across domains: Mentions why Github Pages have a dedicated
github.iodomain, along with other defenses against other cookie-related attacks. - Zoom Session Takeover: Zoom Session Takeover using cookie tossing, also very interesting use of OAuth dirty dance to obtain the unconsumed OAuth parameters.
- Stealing HttpOnly cookies with the cookie sandwich technique: Use
$Versioncookie to stealHttpOnlycookies. - Handling Cookies is a Minefield: Highlight cookie parsing implementations discrepancy in different browsers and programming languages. Can have a massive DoS impact if not careful.