-2

I was given a task to find a working way to bypass the same origin policy of Windows and Android browsers, to be able to get the cookie of an open tab in the victim's browser (like the Gmail or ... cookie). But as far as I searched and read about this, it seems that there is actually no way to do this. Though there are some ways to bypass the SOP (CORS, document.domain, ...), they are not practical enough to take the cookie of another opened tab. (I have to mention that I don't want to use man in the middle on the network to pick the cookies.)

However, we know that there are a lot of attackers using SOP bypassing to steal cookies from browsers. I wanna know if there is any way to do this?

  • https://www.flickr.com/photos/iluvrhinestones/5889370258/ – Aria Jul 15 '16 at 18:30
  • An application can't read cookies of another domain. But consider a case such as this: an app A has a cookie whose domain is abc.com, and if you open an app B with domain abcinternal.abc.com, then the previous cookie will be appended to every request of app B. – one Jul 15 '16 at 19:04
  • 1
    Older Android browsers allow access to the file system, which is where cookies are usually kept. – dandavis Jul 17 '16 at 12:52

1 Answer

1

You are confusing CORS with SOP.

CORS enables Cross-Origin Resource Sharing (unless authorized by the receiver), while SOP ensures the data is being accessed by the same origin that created it. So by CORS you can't access another tab's/frame's data, unless you can execute JavaScript there. More on CORS & SOP.

There is no way you can cross SOP, unless you've turned that feature off or the browser has a specific bug that exposes the data.
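
The difference between the origin check described in the answer and the cookie scoping described in the comment about abc.com and abcinternal.abc.com, as an added example that is not part of the original question, comments or answer. The function names and the cookie object shape are assumptions made for the illustration, and the domain-match follows RFC 6265 section 5.1.3 in simplified form:

```javascript
// Added illustration: SOP origin comparison vs. cookie domain-match (RFC 6265, 5.1.3).
// Host names come from the comment above; the URLs are constructed samples.

// SOP compares the (scheme, host, port) tuple; URL.origin serializes it.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  // Opaque origins (file:, data:) serialize to "null" and never match anything.
  if (oa === "null" || ob === "null") return false;
  return oa === ob;
}

// Rough IP-literal check: domain-match by suffix applies to host names only.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// Hypothetical cookie shape: { host: host that set it, domain: Domain attribute or null }.
function cookieSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, exact host match required.
  if (!cookie.domain) return host === cookie.host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (host === d) return true;
  // Suffix match must fall on a label boundary ("." before the suffix).
  return !isIp(host) && host.endsWith("." + d);
}

const page = "https://abc.com/app-a";
const sub = "https://abcinternal.abc.com/app-b";
const wide = { host: "abc.com", domain: "abc.com" };
const hostOnly = { host: "abc.com", domain: null };

console.log("same origin:", sameOrigin(page, sub));
console.log("Domain=abc.com sent to subdomain:", cookieSentTo(wide, "abcinternal.abc.com"));
console.log("host-only sent to subdomain:", cookieSentTo(hostOnly, "abcinternal.abc.com"));
console.log("Domain=abc.com sent to notabc.com:", cookieSentTo(wide, "notabc.com"));
```

Leaving out the Domain attribute keeps a session cookie host-only, so sibling or child hosts never receive it.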