
I am trying to understand cookies and the hijacking/mitigation methods. I have noticed that some websites are more secure than others.

For example, I have two browsers (Edge and Firefox). I have installed Cookie-Editor on both browsers. Let's assume that Edge is the victim and Firefox is the attacker. I logged into a website on Edge, exported all cookies and imported them into Firefox. I refreshed Firefox and the session was hijacked. However, on another website, if I do the same, it blocks the session hijacking. Could someone explain, please?

Binance is logging me in; however, Okex is not.

0xab3d
  • If the site stores all kinds of information about you (including your browser details), it's easy for the site to detect that the session is hijacked, unless you spoof everything the site is logging. (Of course, I've no idea whether any of the sites you mention do so). – Abigail Jan 22 '22 at 21:31
  • Thanks @Abigail. Not sure to be honest, I tried also using Edge only (for both the logged on and the hijacked sessions) each using a different profile on the same PC. Still not working. – 0xab3d Jan 22 '22 at 21:40
  • This question was already closed once because it's already answered by [Why isn't stealing cookies enough to authenticate?](/questions/178663/). Please don't simply repost the same question again, but clarify at least what part of your question was not addressed by existing questions already. – Steffen Ullrich Jan 22 '22 at 23:16
  • Okex is most likely doing some type of browser fingerprinting on top of just using the cookie. See: https://en.wikipedia.org/wiki/Device_fingerprint – CaffeineAddiction Jan 23 '22 at 03:26
  • Thanks @SteffenUllrich I will check it out. – 0xab3d Jan 23 '22 at 09:38
  • Thanks @CaffeineAddiction I will check it out as well. – 0xab3d Jan 23 '22 at 09:38
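
The server-side check the comments describe, as an added example that is not part of the original thread and not the code of any site named in it: a session ID is bound at login to a keyed hash of request attributes, and a cookie presented with different attributes is rejected and revoked. The `SessionStore` class, the `BOUND_HEADERS` selection and the sample header values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed set of request attributes to bind to; a real site may log
# different or additional signals (TLS, canvas, IP range, ...).
BOUND_HEADERS = ("User-Agent", "Accept-Language", "Sec-CH-UA-Platform")


class SessionStore:
    """In-memory session table binding each session ID to a client fingerprint."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side secret for the HMAC
        self._sessions = {}                  # session_id -> (user, fingerprint)

    def _fingerprint(self, headers):
        # Length-prefix each value so distinct header sets cannot collide.
        values = (headers.get(h, "").encode() for h in BOUND_HEADERS)
        material = b"".join(len(v).to_bytes(4, "big") + v for v in values)
        return hmac.new(self._key, material, hashlib.sha256).digest()

    def login(self, user, headers):
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (user, self._fingerprint(headers))
        return session_id

    def validate(self, session_id, headers):
        """Return (user, "ok"), or (None, reason) when the cookie is rejected."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None, "unknown-session"
        user, bound = entry
        if not hmac.compare_digest(bound, self._fingerprint(headers)):
            # Same cookie, different client: revoke it and force a new login.
            del self._sessions[session_id]
            return None, "fingerprint-mismatch"
        return user, "ok"


# Constructed sample requests: one session cookie presented by two browsers.
EDGE = {"User-Agent": "Mozilla/5.0 (constructed) Edg/97.0",
        "Accept-Language": "en-GB"}
FIREFOX = {"User-Agent": "Mozilla/5.0 (constructed) Firefox/96.0",
           "Accept-Language": "en-GB"}
```

Request headers are supplied by the client, so a binding like this is a detection signal layered on top of the cookie rather than a replacement for short session lifetimes and re-authentication on sensitive actions.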

0 Answers