Cookies are identifiers stored with a particular website in the browser. They are commonly used for session identifiers, tracking information, locale and many other things. Without cookies, making an authenticated website work is significantly harder.
Cookies have many settings: the domain, the path and various security flags such as HttpOnly, SameSite and a few others. Although these flags and settings seem simple, they can be the difference between compromise and no compromise. This post goes into the security of the Domain attribute.
The Domain attribute sets which hosts the cookie is available to. To make development easier, a cookie set on the main domain (example.com) can be made accessible to its subdomains as well (subdomain.example.com).
However, this creates a potential security issue. If the cookie can be accessed and used on subdomains, then any subdomain with an XSS vulnerability can access or use the cookie that belongs to the main site! So, in order to make sure the main website is safe, all subdomains have to be safe: that's a very tall ask.
When setting the Domain attribute for a website's cookies, try not to extend it to other subdomains as well; doing so lets an attacker exploit a bug on a subdomain that would otherwise not be serious.
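The scoping rule described above can be checked mechanically. The following is an added example, not code from the original post: it parses `Set-Cookie` headers, applies the RFC 6265 domain-match rule, and lists cookies whose Domain attribute widens them to subdomains. The function names, host names and cookie values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for Domain-widened scope.
// Host names and cookie values below are constructed sample data.

// Parse one Set-Cookie header value into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// RFC 6265 section 5.1.3 domain-match: equal, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Would a browser send this cookie to requestHost, given the host that set it?
function sentTo(cookie, setByHost, requestHost) {
  const d = cookie.attrs.domain;
  if (typeof d !== 'string' || d === '') {
    // No Domain attribute: host-only cookie, exact host match required.
    return requestHost.toLowerCase() === setByHost.toLowerCase();
  }
  const domain = d.replace(/^\./, ''); // a leading dot is ignored
  // Browsers reject a Domain value that does not cover the setting host.
  if (!domainMatch(setByHost, domain)) return false;
  return domainMatch(requestHost, domain);
}

// Names of cookies whose scope reaches beyond the host that set them.
function auditScope(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => typeof c.attrs.domain === 'string' && c.attrs.domain !== '')
    .map((c) => c.name);
}

const sample = [
  'session=abc123; Domain=example.com; Path=/; Secure; HttpOnly',
  'csrf=xyz789; Path=/; Secure; HttpOnly',
];
console.log(auditScope(sample));
```

Omitting the Domain attribute entirely, as the second sample cookie does, keeps the cookie on the exact host that set it.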