+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38)
+--- Forum: Privacy/Security/Spam (/forumdisplay.php?fid=10)
+--- Thread: Https Cookie Hijacking (/showthread.php?tid=1096)
Https Cookie Hijacking - Guest - Sep. 16, 2008 05:57 PM
Hi,
I just stumbled upon this cookie vulnerability and was wondering if it's possible to create a Proxo filter for it?
http://fscked.org/blog/fully-automated-active-https-cookie-hijacking
PS: It seems that Noscript has introduced some kind of protection against it, but I'm not using Noscript, but I rely on Proxo + Sidkis config set.
RE: Https Cookie Hijacking - ProxRocks - Sep. 16, 2008 06:37 PM
not a noscript'er either, but if noscript is a fix, then would not "disable scripts by default" be a fix also?
and what about deleting all cookies when the browser is closed? seems that should do the trick also...
RE: Https Cookie Hijacking - Siamesecat - Sep. 17, 2008 06:00 AM
Or, you could allow that site to set only session cookies.