Message from JavaScript discussions

April 2019

— If I was going to do it, that would be the first method I'd attempt


But honestly any half decent web dev isnt going to only rely on a session key in a cookie to authenticate users

— Cookies are the ones that you set to mantain the user data in the browser right ? so what do you mean by stealing the cookie that your backend code set ?

Message permanent page

— Yes
Get more info as possible from the visitor

— Like ?

— Can you give an example ?

— If you want more info on a user, you'd have better lucky breaking out the packets they send to yoe server

Message permanent page

— Ip, location, stores passwords and last web site visited

— Storaged passwords

— *

— You would probably need to actually exploit their browser to pull saved passwords

— And at that point, unless you have a redirector, you're essentially making call backs to your own web server, which is dumb

Message permanent page