Member-only story
Exploiting Remember Me Cookie For Account Takeover
Cookie:
To identify user and maintain the session are issued by the website and these are stored in your file storage by your browser. Cookies are created when user browse any website just to keep track of your movements within that website, remembering your login. Cookie allow server to store and retrieve data from the client the data can be such as a unique id assigned to client by the website etc.
Type: There are two types of cookie:
· Session cookie: It is used to check authenticity of user and are only assigned when your logs into the website.
· Persistent cookie: Persistent cookie remains in the browser’s subfolder for the duration period set within the cookie’s file and they can be used for analytics and other purposes.
Example:
Need: HTTP is stateless, So every request is unique for the server. So to keep client authenticated website issues cookie which can be send along the request to tell the server that Hey !! I was authenticated earlier and here is the cookie.
Set Cookie: whenever the browser connects to a website which want to issue the cookie to the client, so in this case website includes a “Set:Cookie” header in the response of that request which defines the cookie which the website is setting up. After assigning the cookie to the user they are automatically added to the subsequent request sent to that particular website.
Cookie have below mentioned attributes:
· Name: The information like name of cookie which is assigned by the server. The name let the server differentiate amongst the session cookie and others one such as session cookie is named as session_id and other cookie named as analytics cookie.
· Expire: The maximum lifetime of the cookie. It will expire after the time specified in the expiration time.
· Domain: Domain specify host to which the cookie will be sent if user makes a request to the url specified in the domain request the cookie will be automatically included in the request.
i. If we omitted to set it, it will send only main domain value not include subdomain in it.
