Monday, March 6, 2017

Understanding Cookies

Cookies

Many of us receive Cookie settings; accept cookies prompts when we visit a website. 

Cookies are key part of HTTP protocol that most web applications rely on. They are helpful for exploiting vulnerabilities. In other way, it is a small piece of text (an unique identifier) sent to your browser by a website you visit. The website then saves some information about the visitor such as your website preference, search history, choice of language etc to provide you relevant content locally. 

When a cookie is created by the server upon connection and the data is labelled with an unique ID to user and computer. A server issues cookies using a set-cookie response header. When the cookie is exchanged between the computer and server later again, the server reads the ID and knows what information is required to send you back or to represent you. 

Sometimes a cookie used to authenticate users and help ensure that the only actual owner of the account is accessing the site. These are essential for internet however it poses risk towards privacy. 

Cookies normally consist of a name with value in pair like (cookie:tracking:mmGho90Kio56n90Mnpe4w)

Cookies are beneficial for:

  • Session Management
  • Personalization
  • Tracking

For Example

Shopping sites or ecommerce sites use cookies to track items that users view earlier time and then the sites show same and relevant items every time to the user. 

There are two types of cookies available such as Session and persistent. 

Session cookies: 

Session cookies are used when we navigate a website. The cookies get stored in RAM for that time. When we close the browser or the session ends, these stored session cookies got deleted automatically. 

Persistent Cookies:

Persistent cookies in the other way remains in the system to a longer period of time where many of them include with a expiration date and they got deleted automatically when that time comes. Persistent cookies ideally used for authentication and tracking purpose. 

How Danger it is:

The cookies cannot harm the system although but, hackers can steal your system cookies and enable access to browsing sessions. They can track individual browsing history and dupe them in future with its social engineering tactics. 

(Image Source:https://networkencyclopedia.com/http-cookie/)

Please provide your feedback and suggestions if any. Thanks!

-DR


No comments:

Post a Comment

Network Scanning Tools

Network Scanning through Nmap and Nessus Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....