@thegibson damn, that was a fascinating read!

I won't lie, the central idea of acting as a malicious proxy and storing the browser session is absolutely brilliant. Top-tier villain shit.

@thegibson I wonder if autodeleting cookies could possibly prevent this? -C

If the attacker doesn't log in immediately maybe with the captured cookie, but that probably isn't THAT good of a strategy? -V

Sign in to participate in the conversation
hackers.town

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.