
How to whitelist individual cookie@website (per container?)

shodan
Making moves

For example, let’s take the website github.com

If you don’t want to have to log in every time you restart the browser, you have to whitelist the entire website as follows

shodan_0-1688792013977.png

But you would only need to whitelist the following cookies to do so.

on .github.com
logged_in

on github.com
_device_id
user_session
__Host-user_session_same_site
_gh_sess

I found an add-on called “Cookie Quick Manager” which is a great way to consult your cookies on a per-site basis, is container aware, it’s great.

In that add-on there was a “protect cookie” function

shodan_1-1688792027008.png

Unfortunately, it would only protect cookies from getting deleted by “Cookie Quick Manager” and not Firefox’s “delete data when Firefox is closed”, but that would have been a fantastically convenient way to handle this

I think what would make sense would be the ability to append cookie name and container names to the “delete data when Firefox is closed” exception list

So instead of just

https://github.com

You might be able to specify containername!cookiename@https://github.com

With both the containername part and the cookiename part being optional limits to the whitelisting

Here is a mockup of what that might look like

shodan_2-1688792040549.png

If that were a feature, right now I would add the following cookies to that list, as an example

I found these with Cookie Quick Manager, with some more trial and error it should be possible to ensure exactly which cookies are needed.

Cookies have an IsSecure flag and an IsSessionID flag, but developers do not respect the IsSessionID flag and put necessary login cookies without this flag

"github container"!logged_in@https://.github.com
"github container"!_device_id@https://github.com
"github container"!user_session@https://github.com
"github container"!githubcontnr!_gh_sess@https://github.com
"github container"!__Host-user_session_same_site@https://github.com

"google message container"!OSID@https://essages.google.com
"google message container"!__Secure-OSID@https://essages.google.com
"google message container"!pair_state_cookie@https://essages.google.com

"facebook container"!wd@https://.facebook.com
"facebook container"!dpr@https://.facebook.com
"facebook container"!datr@https://.facebook.com
"facebook container"!sb@https://.facebook.com
"facebook container"!c_user@https://.facebook.com
"facebook container"!xs@https://.facebook.com
"facebook container"!fr@https://.facebook.com

"reddit container"!reddit_session@http://.reddit.com
"reddit container"!token_v2@http://.reddit.com
"reddit container"!session_tracker@http://.reddit.com

"youtube container"!SID@https://.youtube.com
"youtube container"!__Secure-1PSID@https://.youtube.com
"youtube container"!__Secure-3PSID@https://.youtube.com
"youtube container"!HSID@https://.youtube.com
"youtube container"!SSID@https://.youtube.com
"youtube container"!APISID@https://.youtube.com
"youtube container"!SAPISID@https://.youtube.com
"youtube container"!__Secure-1PAPISID@https://.youtube.com
"youtube container"!__Secure-3PAPISID@https://.youtube.com

"gmail container"!OSID@https://mail.google.com
"gmail container"!__Secure-OSID@https://mail.google.com
"gmail container"!COMPASS@https://mail.google.com
"gmail container"!GMAIL_AT@https://mail.google.com

"chatgpt container"!__cf_bm@https://.auth0.openai.com
"chatgpt container"!_cfuvid@https://.chat.openai.com
"chatgpt container"!__cf_bm@https://.chat.openai.com

0 REPLIES 0
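
The exception syntax proposed in the post above, worked through as an added example (not part of the original post, and not a Firefox feature or API): it parses `container!cookiename@scheme://domain` entries and computes which cookies a clear-on-close pass would still delete. All function names are hypothetical, the sample jar is constructed, and ignoring the scheme when matching is an assumption.

```javascript
// Added example: parser and matcher for the proposed exception syntax
//   [container!][cookiename@]scheme://domain
// Not a Firefox API; every function name here is hypothetical.
const ENTRY_RE =
  /^(?:(?:"([^"]+)"|([^"!@\s]+))!)?(?:([^!@\s]+)@)?(https?):\/\/(\.?[a-z0-9-]+(?:\.[a-z0-9-]+)*)$/i;

function parseException(entry) {
  const m = ENTRY_RE.exec(entry.trim());
  if (!m) return null; // malformed: must never widen into a site-wide rule
  return {
    container: m[1] ?? m[2] ?? null, // null = any container
    name: m[3] ?? null,              // null = any cookie name
    scheme: m[4].toLowerCase(),      // parsed, not used for matching (assumption)
    domain: m[5].toLowerCase(),      // ".github.com" (domain cookie) vs "github.com" (host-only)
  };
}

function isProtected(cookie, rule) {
  return cookie.domain.toLowerCase() === rule.domain &&
    (rule.name === null || rule.name === cookie.name) &&
    (rule.container === null || rule.container === cookie.container);
}

// Returns the cookies a clear-on-close pass would delete, plus refused entries.
function planCleanup(cookies, entries) {
  const rules = [], rejected = [];
  for (const e of entries) {
    const r = parseException(e);
    if (r) rules.push(r); else rejected.push(e);
  }
  const remove = cookies.filter(c => !rules.some(r => isProtected(c, r)));
  return { remove, rejected };
}

// Constructed sample data: cookie names come from the post, the jar is made up.
const sampleEntries = [
  '"github container"!logged_in@https://.github.com',
  '"github container"!user_session@https://github.com',
  '"github container"!githubcontnr!_gh_sess@https://github.com', // two "!" -> rejected
];
const sampleJar = [
  { container: "github container", name: "logged_in", domain: ".github.com" },
  { container: "github container", name: "user_session", domain: "github.com" },
  { container: "github container", name: "_gh_sess", domain: "github.com" },
  { container: "work", name: "user_session", domain: "github.com" },
];
```

A malformed entry is reported in `rejected` and protects nothing, so a typo in the list cannot silently keep more session cookies than intended.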