DEV Community

Victor Ribeiro

Posted on • Originally published at github.com

Cookie Stealer

A Cookie Stealer disguised as a gif image

Top comments (3)

Ravaka Razafimanantsoa

lol, I did that really long ago but with a different purpose.

I used the same technique (with URL rewriting to make the PHP not noticeable, the resource was named *.gif or *.jpeg) to get statistics with Google Analytics on the people loading my messages on forums.

Victor Ribeiro Author

Help me out then: was it a bug that has been fixed in browsers? Because since I posted this, all I do is explain to people that an image request used to send cookie information with it. But people are reluctant to accept that.

Ravaka Razafimanantsoa

I was not using cookies when I was doing my analysis.

In your case, cookies are limited to a domain or subdomain, so all you can get are cookies badly configured on a subdomain from another subdomain you own. In the majority of cases, it won't work.
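
The scoping rule described in the last comment, as an added example that is not part of the original post or its comments: a simplified version of RFC 6265 domain matching, showing which cookies in a jar accompany a request (such as an image load) to a given host. The host names, cookie names and the `cookiesSentTo` helper are constructed for illustration, and Path, Secure, SameSite and public-suffix checks are left out.

```javascript
// Simplified RFC 6265 cookie selection by host (added example, constructed data).

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: the request host matches the cookie domain if it is
// identical, or if it is a subdomain of it (and is a host name, not an IP).
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  return host.endsWith("." + domain) && !isIpAddress(host);
}

// A cookie set WITHOUT a Domain attribute is host-only: exact host match only.
// A cookie set WITH Domain=... is sent to that domain and all its subdomains.
function cookiesSentTo(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) =>
      c.hostOnly ? host === c.domain.toLowerCase() : domainMatches(host, c.domain)
    )
    .map((c) => c.name);
}

// Constructed cookie jar for illustration.
const jar = [
  // Set by forum.example.com with no Domain attribute (tightly scoped).
  { name: "session", domain: "forum.example.com", hostOnly: true },
  // Set with Domain=example.com: the broadly scoped case from the comment.
  { name: "prefs", domain: "example.com", hostOnly: false },
  // Belongs to an unrelated site.
  { name: "other", domain: "tracker.example.net", hostOnly: true },
];

// Which cookies accompany an image request to each host?
for (const host of ["forum.example.com", "img.example.com", "tracker.example.net"]) {
  console.log(host, "->", cookiesSentTo(host, jar));
}
```

Only the cookie set with a parent-domain `Domain` attribute reaches the sibling subdomain; the host-only session cookie never leaves `forum.example.com`, and an image hosted on an unrelated domain sees only that domain's own cookies.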

🌚 Friends don't let friends browse without dark mode.

Sorry, it's true.