Cookie Stealing - Computerphile
1,175,568
Published 2016-06-01
Follow the Cookie Trail: • Follow the Cookie Trail - Computerphile
Cracking Websites with Cross Site Scripting: • Cracking Websites with Cross Site Scr...
Space Carving: • Space Carving - Computerphile
Deep Learning: • Deep Learning - Computerphile
Secure Web Browsing: • Secure Web Browsing - Computerphile
Anti Counterfeiting & Conductive Inks: • Anti-Counterfeiting & Conductive Inks...
Object Oriented Programming: • Pong & Object Oriented Programming - ...
Security of Data on Disk: • Security of Data on Disk - Computerphile
www.facebook.com/computerphile
twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com/
All Comments (21)
-
This guy has forgotten more about computers than I'll ever learn
-
Shouldn't this video be called "Biscuit Nicking"?
-
Dr. Pound is really good. I want more videos from him.
-
This guy and Tom Scott are my 2 favorite people on Computerphile. I just wish Tom still made videos on here.
-
I hate you guys. I have stuff to do, it's almost midnight and I keep on watching your so very interesting videos.
-
I love these videos that you and Tom Scott do here on Computerphile with ways people can and do hack websites while providing LEGAL examples. I would really like it if you and Tom Scott do more of these.
-
11:37 It might be worth emphasising here that the reason this works is because the script specifically read the contents of the cookie and included it in the URL parameters for the image. Normally the browser will not send cookies intended for one site to a completely different one.
-
When I explain session IDs to other people (who usually couldn't care less), I always explain it like this: There are "blind guards" to "doors" in a webpage. At the front of the website there's someone who asks for your secret password, you tell them the password and they give you a special badge with Braille on it. You walk into the website and when you feel like going to another "room" (page)...you walk up to the guard and they grope you and say "oh well...you MUST be that person or they wouldn't have let you in, so I'll show you the stuff that only you are supposed to see"...the problem is when someone else makes a copy of that badge...the guards can't tell the difference. Then I go on about cross-site scripting until they go cross-eyed and then I install the NoScript browser extension for them 'cause they said "I don't care 'how' it works...just make it so they can't do it."
-
Computerphile drinking game. Take a shot every time he tugs on his sweater.
-
If I knew of this channel earlier my web projects would've benefited from it so much!
-
I steal my grandma's cookies all the time. Much easier than the way you do it. I just reach into the jar.
-
Upvote for that blog alone.
-
Don't get Ghostery... It's owned by ad targeting companies.
-
I'm so out of the loop. I didn't even realise this was possible in this way.
-
Might also be worth mentioning the HttpOnly flag for cookies here. I mean, obviously if you're vulnerable to XSS that's a serious problem regardless of what other security measures you've taken to protect users, but at least with HttpOnly set the JavaScript won't be able to steal cookies.
-