Cookie Stealing - Computerphile

1,175,568

21,425 0

Published 2016-06-01

Cookie Monster isn't the only one fond of cookies - thieves on the Internet are partial too. Dr Mike Pound demonstrates & explains the art of cookie stealing.

Follow the Cookie Trail:    • Follow the Cookie Trail - Computerphile
Cracking Websites with Cross Site Scripting:    • Cracking Websites with Cross Site Scr...
Space Carving:    • Space Carving - Computerphile
Deep Learning:    • Deep Learning - Computerphile
Secure Web Browsing:    • Secure Web Browsing - Computerphile
Anti Counterfeiting & Conductive Inks:    • Anti-Counterfeiting & Conductive Inks...
Object Oriented Programming:    • Pong & Object Oriented Programming - ...
Security of Data on Disk:    • Security of Data on Disk - Computerphile

www.facebook.com/computerphile
twitter.com/computer_phile

This video was filmed and edited by Sean Riley.

Computer Science at the University of Nottingham: bit.ly/nottscomputer

Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com/

All Comments (21)

@stevensanders9219 5 years ago

This guy has forgotten more about computers than I'll ever learn
@lmiddleman 7 years ago

Shouldn't this video be called "Biscuit Nicking"?
@CRJessen 7 years ago

Dr. Pound is really good. I want more videos from him.
@atmunn1 6 years ago

This guy and Tom Scott are my 2 favorite people on Computerphile. I just wish Tom still made videos on here.
@DarkOracleOfDeath 5 years ago

I hate you guys. I have stuff to do, it's almost midnight and I keep on watching your so very interesting videos.
@mistermuffin710 7 years ago

I love these videos that you and Tom Scott do here on Computerphile with ways people can and do hack websites while providing LEGAL examples. I would really like it if you and Tom Scott do more of these.
@AndrewMeyer 7 years ago

11:37 It might be worth emphasising here that the reason this works is because the script specifically read the contents of the cookie and included it in the URL parameters for the image. Normally the browser will not send cookies intended for one site to a completely different one.
@4pThorpy 7 years ago

When I explain session ID's to other people (who usually couldn't care less), I always explain it like this; There are "blind guards" to "doors" in a webpage. At the front of the website there's someone who asks for your secret password, you tell them the password and they give you a special badge with Braille on it. You walk into the website and when you feel like going to another "room" (page)...you walk up to the guard and they grope you and say "oh well...you MUST be that person or they wouldn't have let you in, so I'll show you the stuff that only you are suppose to see"......the problem is when someone else makes a copy of that badge...the guards can't tell the difference. Then I go on about cross-site scripting until they go cross-eyed and then I install the NoScript browser extension for them cause they said "I don't care "how" it works...just make it so they can't do it.
@richardv519 7 years ago

Computerphile drinking game. Take a shot every time he tugs on his sweater.
@RetroFanEnt 7 years ago

If I knew of this channel earlier my web projects would've benefited from it so much!
@kimjongun9915 6 years ago

I steal my grandma's cookies all the time. Much easier than the way you do it. I just reach into the jar.
@2Cerealbox 7 years ago

Upvote for that blog alone.
@user-nl5hj4dy7y 7 years ago

Don't get ghostery... It's owned by ad targeting companies.
@bunnybreaker 7 years ago

I'm so out of the loop. I didn't even realise this was possible in this way.
@AndrewMeyer 7 years ago

Might also be worth mentioning the HttpOnly flag for cookies here. I mean, obviously if you're vulnerable to XSS that's a serious problem regardless of what other security measures you've taken to protect users, but at least with HttpOnly set the JavaScript won't be able to steal cookies.
@OfficialPirateFraser 7 years ago