The Un-Official Proxomitron Forum / Proxomitron Filters / Privacy/Security/Spam / Https Cookie Hijacking


Post Reply 
Https Cookie Hijacking
Sep. 16, 2008, 05:57 PM
Post: #1
Guest
Unregistered
 		 
Https Cookie Hijacking
Hi,

I just stumbled upon this cookie vulnerability and was wondering if it's possible to create a Proxo filter for it?

http://fscked.org/blog/fully-automated-a...-hijacking


PS: It seems that Noscript has introduced some kind of protection against it, but I'm not using Noscript, but I rely on Proxo + Sidkis config set.
Quote this message in a reply
Sep. 16, 2008, 06:37 PM
Post: #2
ProxRocks Offline
Administrator
*******
 		Posts: 2,310
Joined: Mar 2004
RE: Https Cookie Hijacking
not a noscript'er either, but if noscript is a fix, then would not "disable scripts by default" be a fix also?

and what about deleting all cookies when the browser is closed? seems that should do the trick also...
Add Thank You Quote this message in a reply
Sep. 17, 2008, 06:00 AM
Post: #3
Siamesecat Offline
Member
****
 		Posts: 500
Joined: Mar 2004
RE: Https Cookie Hijacking
Or, you could allow that site to set only session cookies.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication