HolyBugx/Demystifying-Cookies-and-Tokens-Security

  • The full article is posted on my blog.
  • The video presentation is shared here.
  • The presentation slides are shared here.
  • The exploit code is shared here.
  • Special thanks to @YShahinzadeh for interactive dockerized labs!

Labs installation

git clone https://github.com/HolyBugx/Demystifying-Cookies-and-Tokens-Security.git
cd Demystifying-Cookies-and-Tokens-Security
docker build -t samesite . --rm
docker run --name samesite -p 80:80 -v $PWD/another-site-mainsite.lab/:/var/www/app/another -v $PWD/same-site-mainsite.lab/:/var/www/app/main -v $PWD/xyz.subdomain.same-site-mainsite.lab/:/var/www/app/sub --rm samesite

The SameSite attribute of the PHP session cookie can be changed by editing the session_set_cookie_params() call in index.php:

// Must be called before session_start(); accepted values are 'Lax', 'Strict' and 'None'
// ('None' is only honoured by browsers when the cookie also carries 'secure' => true).
session_set_cookie_params([
    'samesite' => 'Lax'
]);

Then add the following lines to your hosts file (/etc/hosts on Linux and macOS) so that all three lab hostnames resolve to the container:

127.0.0.1 same-site-mainsite.lab
127.0.0.1 xyz.subdomain.same-site-mainsite.lab
127.0.0.1 another-site-mainsite.lab

Credentials

Username: security
Password: flow
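The three lab hostnames exist to exercise the difference between a same-site request (main site and its xyz.subdomain) and a cross-site one (another-site). The following script is an added example, not part of the repository, that models how a browser decides whether the lab's session cookie accompanies a request under each SameSite value. It assumes the Lax-by-default behaviour of current Chromium-based browsers, ignores the public suffix list (it treats the last two labels of a hostname as the registrable domain, which is correct for the .lab hosts above), and does not model Chromium's temporary "Lax+POST" two-minute exception; the Set-Cookie header values are constructed for illustration.

```python
"""Model of SameSite cookie handling for the lab hosts (added example, not project code)."""


def registrable_domain(host: str) -> str:
    # Assumption: no public-suffix list; the registrable domain is the last two labels.
    # This holds for same-site-mainsite.lab and its subdomains used in the lab.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_same_site(initiator_host: str, target_host: str) -> bool:
    """Two hosts are same-site when they share a registrable domain (scheme ignored here)."""
    return registrable_domain(initiator_host) == registrable_domain(target_host)


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, attributes of interest)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {"samesite": None, "secure": False, "httponly": False}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            attrs["samesite"] = val.strip().capitalize() or None  # Lax / Strict / None
        elif key == "secure":
            attrs["secure"] = True
        elif key == "httponly":
            attrs["httponly"] = True
    return name.strip(), value.strip(), attrs


def effective_samesite(attrs: dict) -> str:
    """Apply browser rules: missing SameSite defaults to Lax; None without Secure is rejected."""
    samesite = attrs["samesite"]
    if samesite is None:
        return "Lax"
    if samesite == "None" and not attrs["secure"]:
        return "rejected"
    return samesite


def cookie_sent(attrs: dict, initiator_host: str, target_host: str,
                method: str = "GET", top_level_navigation: bool = True) -> bool:
    """Return True if the browser would attach the cookie to this request."""
    samesite = effective_samesite(attrs)
    if samesite == "rejected":
        return False  # cookie was never stored
    if is_same_site(initiator_host, target_host):
        return True  # same-site requests always carry the cookie
    if samesite == "None":
        return True  # explicit opt-in to cross-site use (Secure required)
    if samesite == "Lax":
        # Cross-site: only top-level navigations with a safe method
        return top_level_navigation and method.upper() in ("GET", "HEAD")
    return False  # Strict: never on cross-site requests


if __name__ == "__main__":
    # Constructed Set-Cookie header resembling what the lab's index.php emits
    _, _, lax = parse_set_cookie("PHPSESSID=abc123; path=/; HttpOnly; SameSite=Lax")
    for initiator, method, top in [
        ("xyz.subdomain.same-site-mainsite.lab", "POST", False),
        ("another-site-mainsite.lab", "GET", True),
        ("another-site-mainsite.lab", "POST", True),
    ]:
        print(initiator, method, "top-level" if top else "subresource",
              "->", cookie_sent(lax, initiator, "same-site-mainsite.lab", method, top))
```

To compare the three settings, edit the lab's index.php as shown above, log in with the credentials, and issue the same three request shapes from the subdomain and from another-site; the printed decisions for Lax (sent from the subdomain, sent on a cross-site top-level GET, not sent on a cross-site POST) are what the browser's DevTools "Cookies" tab should confirm.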

About

Learn Cookies and Tokens Security in Practice.
