Bypassing 2FA With Cookies!

If you have two-factor authentication (2FA) enabled on your account, you can't be compromised, right?
Well, not exactly. As technology advances, so do the attackers. Phishing attacks have become more sophisticated and attackers are finding ways to bypass 2FA. The reason is the delicious cookies stored in your browser. Session cookies are a way to show the server that the user has already authenticated. This includes passing the 2FA challenge. Your browser can use this cookie until it's passed its sell-by date (Sorry). Once the cookie has expired, you will be asked to re-authenticate.
It depends on the application, but some may have stronger restrictions than others. These include:
- A single use cookie.
- Restricted by IP, device or some sort of fingerprint.
- Linked to another element which validates the cookie (Anti-Spoofing).
This isn't the case for all though, and this is what attackers are exploiting. Services like Outlook, Gmail and social networking platforms all allow the cookie to be reused. The attacker just needs a way of extracting it.
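The restrictions listed above can be sketched server-side. This is an added example, not code from the original post: the names (`issue_session`, `validate`, `SESSIONS`), the 15-minute lifetime and the IP plus User-Agent fingerprint are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (generated here for the demo)
SESSION_TTL = 900                     # seconds; assumed policy value
SESSIONS = {}                         # session id -> record; in-memory stand-in for a real store


def fingerprint(ip, user_agent):
    """Keyed hash of the client attributes the session is bound to."""
    msg = f"{ip}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(user, ip, user_agent, now=None):
    """Call only after the password AND the 2FA challenge have both succeeded."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "fp": fingerprint(ip, user_agent),
                     "expires": now + SESSION_TTL}
    return sid


def validate(sid, ip, user_agent, now=None):
    """Return (user, new_sid) on success, or (None, reason) on rejection."""
    now = time.time() if now is None else now
    # Single use: the presented id is consumed on every request, valid or not.
    rec = SESSIONS.pop(sid, None)
    if rec is None:
        return None, "unknown-or-reused"
    if now >= rec["expires"]:
        return None, "expired"
    if not hmac.compare_digest(rec["fp"], fingerprint(ip, user_agent)):
        # Cookie presented by a different client: the session stays destroyed,
        # so both parties must re-authenticate (including 2FA).
        return None, "fingerprint-mismatch"
    new_sid = secrets.token_urlsafe(32)  # rotate, so a copied cookie goes stale
    SESSIONS[new_sid] = rec
    return rec["user"], new_sid
```

Binding to the exact IP address will also log out legitimate users whose address changes (mobile networks, VPNs), which is one reason some services bind to a coarser signal or skip binding altogether.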
To show you how it works, I'm going to be using a browser extension called EditThisCookie…