捕捉被入侵的Cookie

Slack uses cookies to track session states for users on slack.com and the Slack Desktop app. The ever-present cookie banners have made cookies mainstream, but as a quick refresher, cookies are a little piece of client-side state associated with a website that is sent up to the web server on every request. Websites use this piece of information to inject state into the inherently stateless protocol of HTTP. At Slack, that means every time you sign into a workspace, your cookie (which we call the session cookie) is updated to reflect this.

Slack使用cookie来跟踪slack.com和Slack桌面应用程序上的用户会话状态。常见的cookie横幅使cookie成为主流,但是作为一个快速的提醒,cookie是与网站关联的客户端状态的一小部分,每次请求都会发送到Web服务器。网站使用这些信息将状态注入到HTTP协议的本质上无状态的过程中。在Slack中,这意味着每次您登录工作区时,您的cookie(我们称之为会话cookie)都会更新以反映这一点。

Since session cookies are frequently used to uniquely identify users in applications across the internet, they have become an obvious target for malicious actors looking to gain access to systems. If hackers present a cookie as their own, the website will typically grant them access as if they were the original user. Malicious actors often acquire these cookies through malware running on a user’s device, using the malware to silently steal cookies and other sensitive data and send them to a server controlled by the attackers. Using this stolen data allows them to gain access to a variety of internet applications ranging from banking services to social media sites. The consequences of this can be severe, ranging from financial loss and identity theft to the exposure of confidential communications and personal information. 

由于会话cookie经常用于在互联网上的应用程序中唯一标识用户,它们已成为恶意行为者寻求获取系统访问权限的明显目标。如果黑客将cookie作为自己的cookie呈现,网站通常会授予他们访问权限,就像他们是原始用户一样。恶意行为者通常通过在用户设备上运行恶意软件来获取这些cookie,使用恶意软件悄悄地窃取cookie和其他敏感数据,并将其发送到攻击者控制的服务器。使用这些窃取的数据使他们能够访问各种互联网应用程序,从银行服务到社交媒体网站。这可能导致严重后果,包括财务损失、身份盗窃、机密通信和个人信息的曝光。

Slack workspaces contain sensitive data and can be an attractive target for attackers. Consider the situation where a threat actor phishes a user and manages to install malware on their device. The mal...

开通本站会员,查看完整译文。

ホーム - Wiki
Copyright © 2011-2024 iteam. Current version is 2.139.0. UTC+08:00, 2024-12-26 14:27
浙ICP备14020137号-1 $お客様$