mirzaev/thoughts

Hack to hide browser cookies #7

New Issue

Open

opened 2024-01-10 05:28:53 +07:00 by Arsen Mirzaev Tatyano-Muradovich · 0 comments

Arsen Mirzaev Tatyano-Muradovich commented

2024-01-10 05:28:53 +07:00

Owner

Check out a hack that allows to hide browser cookies at random addresses

Generate random HTTP address
Open page at this address
Write a cookie with a SameSite to this address
Close page
Delete a page from history

If the browser allows you to use "SameSite" and third-party "Path" then simply assign cookies without opening the page

Most likely, it is not possible to assign cookies to third-party sites using this method.

Currently, browsers is block creation of background windows by default (exists a tricks to enable this).

Check the ability to call fetch() in JavaScript on a third-party document and send a header with a cookie.

Check that cookies cannot be detected on the target page.

Most likely, all this will not work on third-party documents, but maybe can use it inside inner site pages to hide cookies from potential hackers.

### Check out a hack that allows to hide browser cookies at random addresses 1. Generate random HTTP address 2. Open page at this address 3. Write a cookie with a SameSite to this address 4. Close page 5. Delete a page from history If the browser allows you to use **"SameSite"** and **third-party "Path"** then simply assign cookies without opening the page _**Most likely, it is not possible to assign cookies to third-party sites using this method.**_ Currently, browsers is **block creation of background windows** by default (exists a tricks to enable this). Check the ability to call **fetch()** in JavaScript on a third-party document and **send a header with a cookie**. Check that **cookies cannot be detected on the target page**. _Most likely, all this will **not work on third-party documents**, but maybe can use it inside inner site pages to hide cookies from potential hackers_.