i was given a task to find a working way to bypass windows and android browsers same origin policy to be able to get the cookie of an open Tab in victim's browser (like Gmail or ... cookie). but as far as i searched and read about this it seems that there is actually no way to do this . though there is some ways to bypass the SOP (CORS, document.domain, ... ) but they are not practical enough to take the cookie of another opened tab . ( i have to mention that i dont want to use man in the middle on network to pick the cookies) .
however we know that there is alot of attackers using SOP Bypassing to thief cookies from browsers . i wanna know if there is anyway to do this ?