The only other way is to run crypto attacks via bruteforce/guessing chunks of the keys, then letting an algo guess the rest
— Ok i won't do it
— I'm not expert enough
— But why don't use JS injection? He could inject it to the page, click the button and then it works?
— I don't know if it works but isn't he able to use phantomjs for that?
— I think the only relevant cookies are __gads and __cfduid possibly
— The others seem to be for some google api
— _cfuid is CloudFlare I think
— Because I have it on my pages too
— And I am using cf
— Upon further investigation they may be implementing their auth in-memory without storing credentials for guests
Message permanent page