Cookie leakage


Why cookies are so important

Cookies store sensitive data such as the session ID, so an attacker who hijacks a cookie can use it for malicious purposes. After user authentication, the cookie with the session ID is the only data a web application uses to recognize the user. If there is any weakness in the processing of this cookie, an attacker can easily hijack it. For example, if the cookie leaks over HTTP and an attacker is listening to the communication between your browser and the website, the consequence of the leak can be user impersonation. It is essential to understand that even 2FA (two-factor authentication) cannot prevent cookie leakage: once the user is authenticated, the only data the website uses to recognize the user is the session ID cookie.

Cookie Processing Fundamentals

Cookies have the following structure: a name, a value, and optional attributes. The cookie travels from the web application to the browser in the Set-Cookie header. While the browser communicates with the web application, there is a series of requests and responses; the Set-Cookie headers we are talking about are found in the responses. Moreover, browsers automatically append cookies when a request is sent to the web application.

Secure Attribute

The Secure attribute (optional) can be specified in the Set-Cookie header. If this attribute is not specified, the cookie will be sent over both insecure HTTP and secure HTTPS. When the Secure attribute is specified, the cookie is guaranteed to be sent only over secure HTTPS. Cookie leakage over insecure HTTP is therefore possible only when the cookie is set without the Secure attribute in the Set-Cookie header.
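
The check described above, as an added example that is not part of the original article: it parses the Set-Cookie headers of a response into name, value and attributes, then reports which cookies a browser would still attach to a plain HTTP request. The sample response, the cookie names and the example.test URL are constructed, and the model covers only the Secure rule (no domain, path or expiry matching).

```python
from urllib.parse import urlsplit

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: SID2=def456; Path=/; Secure; HttpOnly\r\n"
    "set-cookie: theme=dark; secure\r\n"
    "\r\n"
)

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, attr_val = part.partition("=")
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def cookies_from_response(raw):
    """Parse every Set-Cookie header found in a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            cookies.append(parse_set_cookie(value))
    return cookies

def sent_to(cookie, url):
    """Secure rule only: would the browser attach this cookie to url?"""
    _, _, attrs = cookie
    return "secure" not in attrs or urlsplit(url).scheme == "https"

def leaks_over_http(raw):
    """Names of cookies that would also travel over plain HTTP."""
    return [c[0] for c in cookies_from_response(raw)
            if sent_to(c, "http://example.test/")]

if __name__ == "__main__":
    for name in leaks_over_http(SAMPLE_RESPONSE):
        print(f"{name}: no Secure attribute, sent over HTTP and HTTPS")
```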