This section shows how to check cookies. The approach comes from the JavaScript programming pattern itself, and the JavaScript web attack space is discussed.
Cookie Theft
During normal operation, cookies are sent back and forth between a server (or a group of servers in the same domain)
and the computer of the browsing user. Since cookies may contain sensitive information (user name, a token used for
authentication, etc.), their values should not be accessible to other computers. Cookie theft is any process that allows
an unauthorised party to receive a cookie.
Cookie Poisoning
While cookies are supposed to be stored and sent back to the server unchanged, an attacker may modify the value of
cookies before sending them back to the server. If, for example, a cookie contains the total value a user has to pay
for the items in their shopping basket, changing this value exposes the server to the risk that the attacker pays
less than the intended price. The process of tampering with the value of cookies is called cookie poisoning, and is
sometimes used after cookie theft to make an attack persistent.
Cross-Site Cooking
Each site is supposed to have its own cookies, so a site like evil.net should not be able to alter or set cookies for
another site, like good.net. Cross-site cooking vulnerabilities in web browsers allow malicious sites to break this
rule. This is similar to cookie poisoning, but the attacker exploits non-malicious users with vulnerable browsers,
instead of attacking the actual site directly. The goal of such attacks may be to perform session fixation.
The Test: