Message from JavaScript talks

April 2017

— Ok

— 

The only other way is to run crypto attacks via bruteforce/guessing chunks of the keys, then letting an algo guess the rest

— Ok i won't do it

— I'm not expert enough

— But why don't use JS injection? He could inject it to the page, click the button and then it works?

— I don't know if it works but isn't he able to use phantomjs for that?

— I think the only relevant cookies are __gads and __cfduid possibly

— The others seem to be for some google api

— _cfuid is CloudFlare I think

— Because I have it on my pages too

— And I am using cf

— Upon further investigation they may be implementing their auth in-memory without storing credentials for guests

Message permanent page