Showing posts from January, 2020

Google account cookie theft via blogspot

Intro Hi all, I'm going to run through this as I do it. That's because, even if it doesn't work on , I don't think this is a bad idea per se. It could work on other sites similar to blogspot that allow you to directly edit HTML and add scripts to a site with external cookies on them. If this comes to an abrupt end, then I'll definitely try some of those. I'm also pretty sure this has limited use see. Idea After seeing some examples of XSS being used to steal sessions. Now XSS is usually used to steal the cookies of someone else's site, but I had a thought - what stops you from stealing other website's cookies on your website, from other websites. For example, if you have a google account cookie on your blog, can you steal that? This has probably been thought of before, and it has probably been thought of. However, I feel like knowing something has been done before, or knowing that it isn't possible, can often get in the way of a good learning experie