Exploiting Remember Me Cookie For Account Takeover

Gupta Bless
6 min read · Jan 23, 2021

Cookie:

Cookies are issued by a website to identify the user and maintain the session, and your browser stores them in its file storage. They are created when a user browses a website, to keep track of the user's movements within that website and to remember the login. Cookies allow the server to store data on the client and retrieve it later; the data can be, for example, a unique ID that the website assigned to the client.

Types: There are two types of cookies:

· Session cookie: It is used to check the authenticity of the user and is only assigned when the user logs into the website.

· Persistent cookie: A persistent cookie remains in the browser’s subfolder for the duration set within the cookie’s file, and it can be used for analytics and other purposes.

Example:

Need: HTTP is stateless, so every request is unique to the server. To keep the client authenticated, the website issues a cookie that can be sent along with each request to tell the server: "Hey! I was authenticated earlier, and here is the cookie."

Set-Cookie: Whenever the browser connects to a website that wants to issue a cookie to the client, the website includes a “Set-Cookie” header in the response to that request, which defines the cookie which the website is…
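The following is an added example, not code from the original article: a small Python audit that parses `Set-Cookie` header values, classifies each cookie as session or persistent from its `Expires`/`Max-Age` attributes, and reports missing `Secure`/`HttpOnly` flags. The cookie names and values in `SAMPLE_HEADERS` are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values (illustrative, not taken from the article).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "remember_me=dXNlcjE=; Path=/; Expires=Wed, 23 Jan 2030 10:00:00 GMT",
    "prefs=dark; Max-Age=3600; Expires=Wed, 23 Jan 2030 10:00:00 GMT; Secure",
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_val = part.partition("=")
            attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def lifetime_seconds(attrs, now):
    """None means a session cookie; otherwise seconds until expiry.
    Max-Age takes precedence over Expires; unparsable values are ignored."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"])
        except ValueError:
            pass  # invalid Max-Age: fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - now).total_seconds())
    return None

def audit(header, now=None):
    """Classify one cookie and list the protective flags it lacks."""
    now = now or datetime.now(timezone.utc)
    name, _, attrs = parse_set_cookie(header)
    life = lifetime_seconds(attrs, now)
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    kind = "session" if life is None else "persistent"
    return {"name": name, "kind": kind, "lifetime": life, "missing": missing}

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit(header))
```

A long-lived cookie that authenticates the user and lacks `Secure` or `HttpOnly` is the combination to review first, since it stays valid on disk well after the browser session ends.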
