
Is it possible for a malicious website to steal my cookies from another website?

From what I understand document.cookie only gets your cookies for the current site you are on. Would it be possible for a malicious site to get around this by using an iFrame, modifying my HTTP header, making a request to the target site or some other method?

Gilbo asked Jul 19 '10 03:07



1 Answer

One way to do this would be through cross-site scripting attacks. This is a short overview of how cookie-stealing works with XSS.

Chris answered Nov 13 '22 14:11
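The scoping rule the question describes, and why a script injected into the target site's own pages is the exception, as an added example that is not part of the original question or answer. It is a simplified model of RFC 6265 domain and path matching plus the HttpOnly flag; the host names, cookie names and the `visibleToScript` helper are constructed for illustration, and IP-address hosts, SameSite and public-suffix checks are left out.

```javascript
// Simplified model of which cookies a page's script can read via document.cookie.
// All hosts and cookies below are constructed sample data.

// RFC 6265 section 5.1.3: a host matches the cookie's domain if it is identical,
// or (for cookies set with a Domain attribute) a subdomain of it.
function domainMatch(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4: the cookie path must be a prefix on a "/" boundary.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Names of the cookies a script running in the page at `url` would see.
function visibleToScript(jar, url) {
  const u = new URL(url);
  return jar
    .filter((c) => domainMatch(u.hostname, c))
    .filter((c) => pathMatch(u.pathname, c.path))
    .filter((c) => !c.secure || u.protocol === "https:")
    .filter((c) => !c.httpOnly) // HttpOnly cookies are sent in requests but hidden from script
    .map((c) => c.name);
}

const jar = [
  { name: "session", domain: "bank.example", hostOnly: true, path: "/", secure: true, httpOnly: true },
  { name: "theme", domain: "bank.example", hostOnly: false, path: "/", secure: false, httpOnly: false },
  { name: "cart", domain: "shop.example", hostOnly: true, path: "/", secure: false, httpOnly: false },
];

// A page on another site sees none of bank.example's cookies.
console.log(visibleToScript(jar, "https://evil.example/"));
// Script running inside a bank.example page (including script injected through XSS)
// sees that site's cookies, except those marked HttpOnly.
console.log(visibleToScript(jar, "https://bank.example/account"));
```

Marking the session cookie HttpOnly keeps it out of `document.cookie` even when script does run in the site's own origin, which is why it is the usual mitigation paired with fixing the XSS itself.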