Message from JavaScript talks

April 2017

— Ok

— 

NID, HTTP-only
HSID, HTTP-only
SAPISID, SSL-only (some session data or key)
SID, no security
SSID, HTTP-only and SSL-only
_cfduid, HTTP-only and SSL-only

— Those are keys you can target that seem to be secured or otherwise important

— Wut it seems arabic to me lel

— It is session related cryptography and key systems

— Ok

— In order to talk to the server you need to spoof all or some of these

— Ie in a custom client

— Spoof?

— Create your own cryptographic functions based on what is on the server, or find a way to obtain those credentials from the server

Message permanent page

— Mh ok

— Since it is guest-based session you should be able to easily