Cookie poisoning


Cookie poisoning, also known as session hijacking, is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a http cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft.

An attacker using cookie poisoning can gain unauthorized access to a user's account on the site the cookie was created for, or potentially tricking a server into accepting a new version of the original intercepted cookie with modified values. The items inside a cookie that are subject to cookie poisoning are often called parameters. Successful attempts at cookie poisoning will correctly identify the parameters that contain usable information, such as selecting a credit card number from a transaction that also includes items like a session ID, time stamp and other information about purchases.

One such example of cookie poisoning might involve intercepting an online retailer's cookie before its information is sent from a user's computer to the server during a "cart checkout" process and modifying price values to trick the server into charging the user less money.

As cookie poisoning is fairly easy to do, most securely designed web applications are developed so that certain key parameters are not stored within cookies, and are also given non-intuitive names and possible values to deter guessing and modification by an attacker. Additionally, a good web application firewall (WAF) will protect against cookie poisoning by detecting cookie "set" commands sent by the web server and intercepting all HTTP requests in order to compare them to the information present in the received cookie. The cookie is then only accepted if the information is deemed accurate and not tampered with, preventing any kind of forgery or manipulation by an attacker.

Research
Hacker’s Almanac Series I: The Threat Actors

Hacker’s Almanac Series I: The Threat Actors

This is part one of a three part field guide to understanding cybercriminals/threat actors and their tactics, techniques and procedures.

Read more
Research
Hacker’s Almanac Series II: Tactics, Techniques and Procedures

Hacker’s Almanac Series II: Tactics, Techniques and Procedures

This is part two of a three part field guide to understanding cybercriminals/threat actors and their tactics, techniques and procedures.

Read more

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center