flotwig 5 days ago
It's funny that you mention NewCookie, there is actually a deprecated Set-Cookie2 header already: https://stackoverflow.com/q/9462180/3474615
h4ck_th3_pl4n3t 5 days ago
Imagine pwning a frontend server or proxy, spawning an http/s server on another port, and being able to intercept all cookies and sessions of all users, even when you couldn't pwn the (fortified) database. This could have a huge advantage, because if you leave the original service untouched on port 80/443, there is no alert popping up on the defending blueteam side. This gives me an idea for a project...