April 19, 2019 at 11:12 #2814
It is pretty familiar when you are using a website and a dialogue box pops up on your screen telling you that the site you are on is using cookies. I know a big percentage of you most probably don’t even know what cookies are. So let us start from there.
What are cookies?
A cookie is a small text file of up to 4 KB created by a website and stored on the user’s device, either temporarily for that session only or permanently on the hard disk (persistent cookies). Cookies provide a way for the website to recognize you and keep track of your preferences. A cookie is simply a small piece of data sent from a website and stored on a user’s device by the user’s web browser while the user is browsing.
The following are some of the negative effects cookies can pose on cyber security:
4. Cross site scripting
5. Cross site request forgery
6. TCP/IP hijacking
7. HTTPS protocol
Cookies have been used for quite a long time now. But how vulnerable are they when it comes to cyber security?
Normally, when cookies are sent to the user’s device and stored, they are supposed to be sent back to the web server unchanged. However, an attacker may change the value of cookies before sending them back to the web server. In the process of doing this, he ends up poisoning the cookies. The modified cookie values, when used by the web server, enable the attacker to gain entry into the system and have access to sensitive information such as credentials, or even impersonate the session of the user.
There are also other attackers who are capable of hijacking or stealing cookies through network traffic and capturing cookies downloaded from a website to a web browser. The attacker may also steal the cookies stored on the user’s machine and use them to suit his own needs.
It enables the attacker to start another session to the same website, after which he can submit the cookies to bypass authentication to execute malicious actions within the user’s account.
Cookie manipulation attacks are divided into cookie activation and direct cookie injection. Cookie activation attacks target the cookie store of the browser. Normally, the cookie store has a certain limit on cookie size and on the number of cookies that can be stored for a domain name. Here, the attacker may try to exploit the cookie size limit in the cookie store. He then submits multiple dummy cookies, making the browser clean out all the actual cookies and leaving behind only the dummy cookies in the browser store.
Direct cookie injection, on the other hand, is applied in case the website uses secure cookies. It involves the creation of new cookies or the overwriting of already existing cookies. It exploits the fact that insecure and secure cookies are located in the same namespace. The attacker catches a plain text HTTP transaction launched by a victim to coerce a plain text HTTP request to a target website. The attacker can then reply to the request with an HTTP response including arbitrary cookies.
4. Cross-Site Scripting
Cross-site scripting can be used for:
• stealing sensitive information
• hijacking user sessions
• Compromising browsers and system integrity.
This attack is executed when software fails to neutralize user-controllable inputs, or neutralizes them incorrectly, before the user input is placed in output that is used as a web page served to users.
In cross-site scripting, the victim is used to run the malicious script and perform an action the attacker desires.
5. TCP/IP Hijacking
The TCP/IP hijacking problem has existed in most applications that are TCP/IP-based. TCP/IP hijacking is also known as session hijacking. An attacker needs to be able to intercept the data of a legitimate user in order to hijack a TCP/IP connection. Then the attacker inserts herself into that session. In web-based applications, session hijacking involves hijacking a user’s cookie. The cookie can be used for storing sensitive information such as login credentials. The attacker may use the cookie for accessing the session of the user. The user is probably not aware of what happens and receives a “session expired” or “login failed” message. If session timeouts are incorrectly configured in the web server application, an attacker may perform session hijacking. Typically, timeouts are configured to happen after a set period of inactivity in the user’s session. An attacker may potentially use a hijacked cookie or predict session identifier numbers to hijack a session of a user if the time frame of timeouts is too extensive.
April 24, 2019 at 00:51 #2858
It’s been featured on our medium: https://medium.com/@cybersecurecentral/how-cookies-affect-your-internet-security-and-privacy-from-our-forums-42e394f3a06c
November 7, 2019 at 18:48 #5950
Wow! Extremely surprising and informative. In all honesty, every time I saw the Cookies bar pop up, I had no damn idea what it meant. I have to say though, the fact that a perpetrator can send “poisoned cookies” is just pure comedy. Ridiculous when one comes to think of the world we’ve come to.
November 9, 2019 at 21:07 #5966
Very useful, now I finally know what cookies stand for! 🙂 I have been going along all this time with no idea that it was this important. Just goes to show that being informed is invaluable. Good article!
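Added example, not part of the original thread or written by any of its posters: a server-side defence against the cookie poisoning, direct cookie injection and over-long session timeouts described in the opening post. The secret, the 15-minute limit, the cookie layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret known only to the server
IDLE_TIMEOUT = 15 * 60             # assumption: 15 minutes of inactivity


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(session_data: str, now: float) -> str:
    """Bind the value and a last-activity timestamp to an HMAC tag.
    Re-issue on every request so the timestamp tracks activity."""
    payload = f"{int(now)}|{session_data}".encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_cookie(cookie: str, now: float):
    """Return the session data, or None if the cookie was modified
    (poisoned) or has been idle longer than IDLE_TIMEOUT."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:              # wrong shape or invalid base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        return None
    issued, _, data = payload.decode().partition("|")
    if now - int(issued) > IDLE_TIMEOUT:
        return None
    return data


def set_cookie_header(name: str, value: str) -> str:
    """The __Host- prefix makes browsers accept the cookie only from a
    secure origin, with Secure, Path=/ and no Domain attribute, so a
    plain-HTTP response cannot create or overwrite it."""
    return (f"Set-Cookie: __Host-{name}={value}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")
```

The signature only detects modification; a cookie stolen intact is still accepted until the idle timeout expires, which is why the timeout and the Secure and HttpOnly attributes matter alongside it.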