DEV Community

Cookie Stealer

Victor Ribeiro (victorqribeiro). Originally published at github.com

A Cookie Stealer disguised as a gif image

Discussion (3)

Ravaka Razafimanantsoa (seraphicrav)

lol, I did that really long ago but with a different purpose.

I used the same technique (with URL rewriting to make the PHP not noticeable, the resource was named *.gif or *.jpeg) to get statistics with Google Analytics on the people loading my messages on forums.

Victor Ribeiro (victorqribeiro), Author

Help me out then: was it a bug that has been fixed in browsers? Because since I posted this, all I do is explain to people that an image request used to send cookie information with it. But people are reluctant to accept that.

Ravaka Razafimanantsoa (seraphicrav)

I was not using cookies when I was doing my analysis.

In your case, cookies are limited to a domain or subdomain, so all you can get are badly configured cookies on a subdomain from another subdomain you own. In the majority of cases, it won't work.
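
The scoping rule described in the last comment, as an added example (not code from the post or its repository): a simplified RFC 6265 domain-match in JavaScript that shows which cookies a browser attaches to an image request and flags the broadly scoped ones. The hostnames and cookies are constructed, and the Path, Secure, SameSite and public-suffix checks are left out.

```javascript
// Simplified RFC 6265 cookie scoping. All hostnames and cookies below are
// constructed sample data (assumptions), not values from the original post.

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^[\d.]+$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d); // suffix match only on a label boundary
}

// Store a cookie the way a browser would when `setByHost` sends Set-Cookie.
// Without a Domain attribute the cookie is host-only (exact host match).
// A Domain attribute the setting host does not belong to is rejected (null).
function storeCookie(setByHost, name, attrs = {}) {
  if (attrs.domain && !domainMatch(setByHost, attrs.domain)) return null;
  const domain = (attrs.domain || setByHost).toLowerCase().replace(/^\./, "");
  return { name, domain, hostOnly: !attrs.domain };
}

// Names of the cookies attached to any request (image loads included)
// that goes to `requestHost`.
function cookiesSentTo(jar, requestHost) {
  return jar
    .filter((c) => (c.hostOnly
      ? requestHost.toLowerCase() === c.domain
      : domainMatch(requestHost, c.domain)))
    .map((c) => c.name);
}

// Defender's check: cookies scoped to a parent domain reach every subdomain.
function overScoped(jar) {
  return jar.filter((c) => !c.hostOnly).map((c) => `${c.name} -> *.${c.domain}`);
}

const jar = [
  storeCookie("app.example.test", "session"),                           // host-only
  storeCookie("app.example.test", "prefs", { domain: "example.test" }), // broad
  storeCookie("app.example.test", "x", { domain: "other.test" }),       // rejected
].filter(Boolean);

console.log(cookiesSentTo(jar, "img.tracker.test"));   // unrelated domain
console.log(cookiesSentTo(jar, "forum.example.test")); // sibling subdomain
console.log(cookiesSentTo(jar, "app.example.test"));   // the setting host
console.log(overScoped(jar));
```

Leaving out the Domain attribute on session cookies keeps them host-only, so they never travel to a sibling subdomain.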