Supercookies
Explore the concept of supercookies, which are cookies set on top-level domains and blocked by browsers due to privacy and security concerns. Understand how supercookies differ from traditional cookies and other tracking methods like ETag tracking, examine real-world examples of unwanted user tracking by ISPs, and prepare to learn crucial cookie security flags that protect user information.
Introduction
What if we were able to set a cookie on a top-level domain (TLD) such as .com or .org? That would be a huge security concern, for two reasons:
- user privacy: every website running on that specific TLD would be able to track information about the user in shared storage
- information leakage: a server could mistakenly store a sensitive piece of data in a cookie available to other sites
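The browser-side check that blocks such a cookie, as an added example that is not code from the original lesson: it applies the Domain-attribute rules of RFC 6265, section 5.3. The function names and the small suffix sample are assumptions made for illustration; a real user agent consults the full Public Suffix List.

```javascript
// Constructed sample of multi-label public suffixes; a real user agent
// loads the full Public Suffix List (publicsuffix.org) instead.
const SAMPLE_SUFFIXES = new Set(["co.uk", "com.au", "github.io"]);

// Lowercase and drop the leading/trailing dot a Domain attribute may carry.
function canonicalize(domain) {
  return domain.trim().toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// A single label ("com", "org", "local") is treated as a suffix, following
// the Public Suffix List default rule "*"; longer names use the sample set.
function isPublicSuffix(domain) {
  return !domain.includes(".") || SAMPLE_SUFFIXES.has(domain);
}

// RFC 6265 domain-match: identical, or a non-IP host ending in "." + domain.
function domainMatches(host, domain) {
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return host === domain || (!isIp && host.endsWith("." + domain));
}

// Decide what a user agent does with the Domain attribute of a Set-Cookie
// header received from requestHost (RFC 6265, section 5.3, steps 5 and 6).
function evaluateCookieDomain(requestHost, domainAttr) {
  const host = canonicalize(requestHost);
  let domain = canonicalize(domainAttr || "");
  if (domain && isPublicSuffix(domain)) {
    if (domain !== host) {
      return { accepted: false, reason: "domain is a public suffix" };
    }
    domain = ""; // the host itself is the suffix: fall back to host-only
  }
  if (domain && !domainMatches(host, domain)) {
    return { accepted: false, reason: "host does not domain-match" };
  }
  return domain
    ? { accepted: true, hostOnly: false, domain }
    : { accepted: true, hostOnly: true, domain: host };
}

// Constructed cases, using the lesson's wasec.local host.
for (const [host, attr] of [
  ["wasec.local", "local"],
  ["wasec.local", "wasec.local"],
  ["shop.example.co.uk", ".co.uk"],
]) {
  console.log(host, JSON.stringify(attr), evaluateCookieDomain(host, attr));
}
```

Only the second case is stored; the other two are dropped because the Domain attribute names a suffix shared by unrelated sites.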
In the following code, by appending ?super=on to the URL, the server is going to set a cookie on the domain local (e.g., wasec.local). Since it is a ...