Oh golly! {Stealing Cookies on Chrom*}
-
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
If you steal someone’s Chrome cookies, you can log in to their accounts on every website they’re logged in to.
Normally you need the user’s password to do it, but I found a way to do it without the password. You just need to be able to execute code on their computer. It works by using Chrome’s Remote Debugging Protocol.
FAQ
Wait so you have to already be running code on someone’s computer for this to work? That’s not a big deal at all!
I mean yeah pretty much you’re right. It’s not that big a deal. Nobody panic. Everybody stay cool. The kinds of people who are stealing people’s browser cookies are just gonna have an easier time since there’s no more decrypting.
mod edit: added explanative title
-
From the same person.
https://mango.pdf.zone/operation-luigi-how-i-hacked-my-friend-without-her-noticing
It amused me a lot for its implicit mocking of Strayan internet quality, & Millennial [etc] attitudes... but it also really demoralised me coz i expect that heaps of people would likely get easily caught out this way due to sheer laziness, inattention, tldr, & basically whatevs. The species is doomed.
-
Most excellent reading.
Tx for posting.
Cheers
-
@Steffie this gives me an idea: one of these days when I have enough free time I should try to hack/socially engineer myself and see how far I can get. Would be a great way to find holes to plug.
-
@LonM Oh, we've already done that, & so now have compiled an extensive database of your... eclectic tastes. Pls send 42 bitcoin before CoB if you wish to keep the list suppressed.
:face_with_stuck-out_tongue_winking_eye:
-
I really like the style of their writing, funny and snarky. I read the article on the Abbott's boarding pass a couple of days ago, great fun.
But (like they also write) if you're already able to execute code on someone's machine you don't need to jump through the hoops to make Chrome run in headless debug mode, you could just run the decryption as the user with some basic DPAPI code. Or just run ChromeCookiesView from the command line. Unless it's detected by the local AV that is, if so then the best would be to make Chrome do it I guess.
-
@Pathduck said in Oh golly! {Stealing Cookies on Chrom*}:
the article on the Abbott's
Yes, that one too -- really funny IMO. I agree with you; the writing style really cracked me up. I especially like the implied mocking of contemporary zeitgeist, memes, attitudes etc.
-
@Steffie And to give some credit to the Aussie feds, they didn't send out the MiB and the SWAT team, which probably would've happened if it was the good ol' US of A...
-
@Pathduck said in Oh golly! {Stealing Cookies on Chrom*}:
credit to the Aussie feds
Nope. Those bastards & the fascists in govt already have a track record here of oppressing press freedom, intimidating journalists & their organisations, spying on friendly near-neighbour countries then vindictively vengefully punishing lawyers & journalists who exposed the outrages. Alex should think himself lucky... for now.
-
More cookie mischief. Unsurprising... & some of us have already discussed aspects of this over previous months.
when closing Chrome these two Google services only cleared cookies, but retained data in what’s known as “local storage.”
As i have written before, it is waaaaaaaaaaaaaaay more than only those two services that store these egregious “local storage” things. Absolutely none of the efforts i've taken over months has succeeded in either blocking them outright, or auto-cleaning them, so i instead tediously need to remember to frequently manually clean them out.
how to opt-out of these local storage shenanigans: by adding both youtube.com and google.com to the “sites that can never use cookies” setting on your browser. He added that ticking off the “always clear cookies when windows are closed” button isn’t enough
-
@Steffie I'm like Marvin (paranoid, not an android) and I want to clear all that stuff (bar for the few I whitelisted) when I close V, except, obviously, I can't. So, I manually delete local storage. But I don't find it really tedious, it has just become a routine.
-
@hlehyaric
Here's another one of those self-satisfied ~~doors~~ local storages. Life! Don't talk to me about life.
-