Cookie Based Attacks
Cookies Explained
Attacks
- Check for PII or other sensitive data stored in cookie values
- Send a very long cookie value; it may cause a denial of service in the application
- If a cookie holds a serialized object, test for insecure deserialization
- Chain CRLF injection to set cookies (then look for XSS or SQL injection through the injected value)
- Check whether the session is actually invalidated on logout
Decoding the cookie
If the cookie uses some Base encoding (like Base64) or similar, you may be able to decode it, change the content and impersonate arbitrary users.
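As an added example (not code from the original page), the following Python shows both sides of this point: an inspection helper that decodes plainly encoded cookie values and flags structured or PII-bearing content as a finding, and the server-side mitigation, an HMAC-signed cookie whose verification rejects any modified payload. The sample cookie values and the signing key are constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
import re

# Constructed sample: a Base64-encoded JSON object, the kind of cookie this section warns about.
SAMPLE_UNSIGNED = base64.b64encode(
    json.dumps({"user": "alice", "role": "user", "email": "alice@example.com"}).encode()
).decode()

# Field names that should never be trusted from (or stored in) a client-held cookie.
SENSITIVE_KEYS = {"user", "username", "email", "role", "admin", "password", "ssn", "card"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def _pad(value: str, block: int) -> str:
    """Restore padding that applications often strip from Base64/Base32 cookies."""
    return value + "=" * (-len(value) % block)


DECODERS = (
    ("base64", lambda v: base64.b64decode(_pad(v, 4), validate=True)),
    ("urlsafe_base64", lambda v: base64.urlsafe_b64decode(_pad(v, 4))),
    ("base32", lambda v: base64.b32decode(_pad(v, 8))),
    ("hex", bytes.fromhex),
)


def try_decode(value: str):
    """Try the common 'Base' encodings; return (encoding, decoded bytes) if the result is printable text."""
    for name, decode in DECODERS:
        try:
            raw = decode(value)
        except (binascii.Error, ValueError):
            continue
        if raw and all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
            return name, raw
    return None, None  # opaque (random) token: nothing to decode


def inspect_cookie(value: str) -> dict:
    """Decode a cookie value if it is plainly encoded and report sensitive content found in it."""
    encoding, raw = try_decode(value)
    report = {"encoding": encoding, "decoded": None, "findings": []}
    if raw is None:
        return report
    text = raw.decode("ascii")
    report["decoded"] = text
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        obj = None
    if isinstance(obj, dict):
        report["findings"].append("structured object: client-controlled fields")
        for key in obj:
            if key.lower() in SENSITIVE_KEYS:
                report["findings"].append(f"sensitive field: {key}")
    if EMAIL_RE.search(text):
        report["findings"].append("PII: email address")
    return report


def sign(payload: bytes, key: bytes) -> str:
    """Server side: Base64 payload plus an HMAC-SHA256 tag; the client cannot produce a valid tag."""
    body = base64.urlsafe_b64encode(payload).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify(cookie: str, key: bytes):
    """Return the payload only if the tag matches; a modified body yields None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not body or not hmac.compare_digest(tag, expected):
        return None
    return base64.urlsafe_b64decode(body)


def demo() -> dict:
    """Run the inspection on the sample cookie and show that a modified signed cookie is rejected."""
    key = b"constructed-demo-key"          # placeholder key for the demo only
    original = b'{"user":"alice","role":"user"}'
    signed = sign(original, key)
    # Same tag, different body: verification must fail.
    altered_body = base64.urlsafe_b64encode(b'{"user":"alice","role":"admin"}').decode()
    altered = altered_body + "." + signed.rpartition(".")[2]
    return {
        "report": inspect_cookie(SAMPLE_UNSIGNED),
        "signed_ok": verify(signed, key) == original,
        "altered_rejected": verify(altered, key) is None,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A finding from `inspect_cookie` means the application is trusting client-held state; the fix is either to keep such state server-side behind an opaque random session id or, where a client-side cookie is unavoidable, to sign it as `sign`/`verify` do and to keep PII out of it regardless, since signing prevents modification but not disclosure.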
Session fixation
An attacker tricks the victim into using a cookie whose session identifier is already known to the attacker.
Session donation
The attacker sends his own session to the victim. The victim sees that he is already logged in and assumes he is inside his own account, but the actions are actually performed inside the attacker's account.
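The server-side controls that close the logout, fixation and donation issues above, as an added example in Python (not code from the original page): session ids are generated with a CSPRNG, the id is regenerated on login so any id planted in the browser before authentication is never bound to the victim's account, logout destroys the session on the server rather than only clearing the cookie, and the `Set-Cookie` header uses the `__Host-` prefix, `Secure`, `HttpOnly` and `SameSite` so the cookie cannot be set by a subdomain or carried on cross-site requests. The in-memory store and timeout value are demo assumptions.

```python
import secrets
import time

COOKIE_NAME = "__Host-session"   # __Host- prefix: must be Secure, Path=/, and have no Domain attribute


class SessionStore:
    """Minimal in-memory session store demonstrating fixation-resistant sessions (demo only)."""

    def __init__(self, idle_timeout: float = 900.0):
        self._sessions = {}          # sid -> {"user": str | None, "last": float}
        self.idle_timeout = idle_timeout

    def new_session(self) -> str:
        # 32 random bytes (256 bits) from the OS CSPRNG: not guessable, not derivable.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last": time.time()}
        return sid

    def login(self, presented_sid: str, user: str) -> str:
        """Authenticate and issue a fresh id.

        Whatever id the browser presented (a pre-auth id, an attacker-planted one, or one the
        server never issued) is discarded, so an attacker who knows that id gains nothing.
        """
        self._sessions.pop(presented_sid, None)
        new_sid = self.new_session()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def user_for(self, sid: str):
        """Resolve a cookie to its user; expired or unknown ids return None."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = time.time()
        if now - session["last"] > self.idle_timeout:
            self._sessions.pop(sid, None)
            return None
        session["last"] = now
        return session["user"]

    def logout(self, sid: str) -> bool:
        """Invalidate server side; the cookie becomes useless even if the browser keeps it."""
        return self._sessions.pop(sid, None) is not None


def set_cookie_header(sid: str) -> str:
    """Set-Cookie value with the attributes that stop cross-site and subdomain cookie injection."""
    return f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def clear_cookie_header() -> str:
    """Sent on logout alongside SessionStore.logout; clearing alone is not a logout."""
    return f"{COOKIE_NAME}=; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=0"


def demo() -> dict:
    """Walk through the fixation scenario and a logout, returning what each step observes."""
    store = SessionStore()
    planted = store.new_session()                 # id an attacker obtained and placed in the victim's browser
    victim_sid = store.login(planted, "victim")   # login regenerates the id
    planted_user = store.user_for(planted)        # attacker's id: still unauthenticated (None)
    victim_user = store.user_for(victim_sid)      # only the fresh id maps to the victim
    logged_out = store.logout(victim_sid)
    after_logout = store.user_for(victim_sid)
    return {
        "planted_id_reused": planted == victim_sid,
        "planted_user": planted_user,
        "victim_user": victim_user,
        "logged_out": logged_out,
        "after_logout": after_logout,
        "cookie": set_cookie_header(victim_sid),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The same regeneration-on-login step also blunts session donation: an attacker's authenticated id can only reach the victim's browser if the cookie can be set cross-site or from a sibling host, which the `__Host-` prefix and `SameSite` attribute prevent, and a login by the victim replaces it anyway.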