Search the Community

Don't Leach ❤️ [hide][Hidden Content]]

Cookie Highlights Protection from tracking and online profiling. Comprehensive cookie control Cookie gives you total control over all cookie storage types: HTTP cookies, Flash cookies, HTML5 databases, localStorage, IndexedDB as well as browser history and caches. Rest assured Cookie has all your private data covered. Simple but Powerful Simple enough for even the most technophobic computer users, yet Cookie makes no compromises for power users. After a quick initial setup, Cookie will protect your privacy, keeping you safe from tracking and online profiling just the way you want. Tracking cookie detection Advanced detection and removal of spying and tracking cookie threats. Select favorite domains for all cookie types to completely customise your browsing experience. Setup automatic removal schedules for even better peace of mind. Individual browser settings Removal schedules and favorites can all be configured individually for each browser, or globally for all browsers. And because some Chrome based browsers support the use of multiple users, so does Cookie. [Hidden Content] [hide][Hidden Content]]

Launch Example Usage Example The main advantage of using WebView2 for attackers is the rich functionality it provides when phishing for credentials and sessions. Stealing Chrome Cookies WebView2 allows you to launch with an existing User Data Folder (UDF) rather than creating a new one. The UDF contains all passwords, sessions, bookmarks, etc. Chrome’s UDF is located atC:\Users\<username>\AppData\Local\Google\Chrome\User Data. We can simply tell WebView2 to start the instance using this profile and upon launch extract all cookies and transfer them to the attacker’s server. The only catch is that WebView2 looks for a folder called EBWebView instead of User Data (not sure why). Copy the User Data folder and rename it to EBWebView. Important Functions If you’d like to make modifications to the binary you’ll find information about the important functions below. AppStartPage.cpp – GetUri() function has the URL that is loaded upon binary execution. ScenarioCookieManagement.cpp – SendCookies() function contains the IP address and port where the cookies are sent. AppWindow.cpp – CallCookieFunction() function waits until the URL starts with [Hidden Content]= and calls ScenarioCookieManagement::GetCookiesHelper(L”[Hidden Content]) WebView2APISample.rc – Cosmetic changes Remove the menu bar by setting all POPUP values to “”. Change IDS_APP_TITLE and IDC_WEBVIEW2APISAMPLE. This is the name of the application in the title bar. Change IDI_WEBVIEW2APISAMPLE and IDI_WEBVIEW2APISAMPLE_INPRIVATE and IDI_SMALL. These point to a .ico file which is the icon for this application. Toolbar.cpp – itemHeight must be set to 0 to remove the top menu. This is already taken care of in this code. AppWindow.cpp – LoadImage() should be commented out. This hides the blue splash image. This is already taken care of in this code. App.cpp – new AppWindow(creationModeId, WebViewCreateOption(), initialUri, userDataFolder, false); change the last param value to true. This hides the toolbar. This is already taken care of in this code. [hide][Hidden Content]]

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password. View the full article

[Hidden Content]

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities. View the full article

The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. View the full article