Client-Side Cookie Tampering

Cookie TamperingA cookie is a small snippet of information used by websites and web applications for user session tracking. They are often unencrypted (though cookie encryption is becoming more prevalent) and contain information created by web servers that is then stored on users’ web browsers. Whenever a user goes to a website that had previously set cookies in the user’s browser, the web server exchanges specific sets of data with the browser, usually for the purpose of facilitating easier log-in to a website or application, or returning the user to the same section of the web page that was previously being viewed, to name a few examples of cookie functionality.

Cookies can remain persistent until a preset date, or only valid for one user session until log-out. They can also be deleted by the user for additional privacy and to avoid revealing to one website that a user also visited (or has an account with) another website.

Client-side cookie tampering is a method of tampering with the information stored on a user’s web browser and manipulating it to be used in malicious ways, such as hijacking a user’s session on a website or application. Such tactics can be used to assist in account takeover, impersonation, and fraud. In the context of bot detection, cookies are not considered to be a reliable marker of a visitor’s identity or humanity since they can easily be tampered with on the client side to carry out malicious activities.

Radware’s Bad Bot Analyzer

Are Your Web Applications Secure Against Bad Bots? Find Out Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center