OAuth 2.0 Auth Code Injection Attack in Action

OktaDev

4 years ago

9,897 views


Comments:

Kerem Serttas - 19.05.2023 02:02

I have a question. If the auth code is for single use, how can both the attacker and the target user use this single-use code with the application?

Sebastián González - 08.11.2022 19:43

Very clearly illustrated, thanks for explaining and demoing this!

Behrad Kazemi - 22.08.2022 10:01

thanks

Meghna Sharma - 01.07.2021 12:13

Very informative video. Thanks a lot!

Kees - 07.12.2020 12:51

By watching this vid, I became a more informed person: my time was well spent - thx!

nawwark - 28.05.2020 04:02

Are there other attack scenarios that don't require a malicious browser extension (or a compromised user agent or MITM)? I don't know much about browser extensions, but don't they already have access to cookies, browser storage, and/or the page's DOM? Therefore session hijacking can already be done in different ways at that point?

Baptiste - 27.05.2020 11:19

But isn't the back channel supposed to send the code along with some secret to the authorization server of Google? I thought the need to have a front and a back channel was specifically aimed at preventing this kind of attack, where someone could replay your auth code, but as they do not have the client secret, the auth server would not grant the access_token.

Spencer Davis - 26.05.2020 19:28

thanks

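The two questions above (Kerem Serttas on how a single-use code can serve two parties, and Baptiste on why the client secret does not stop the attack) both come down to the same mechanism, so here is one runnable simulation of the auth code injection flow with and without PKCE. This is an added example written for this page; it is not code from the video, from Okta or from any real authorization server. The `AuthorizationServer` and `Client` classes, the session store, `CLIENT_ID`, `CLIENT_SECRET` and the victim's identity are all assumed in-memory stand-ins for the real front-channel and back-channel endpoints.

```python
"""Auth code injection simulated end to end, with and without PKCE.

Added illustration: the authorization server, client and session store are
in-memory stand-ins (assumed names, not any real provider's endpoints).
"""
import base64
import hashlib
import secrets

CLIENT_ID = "demo-app"          # assumed values for the illustration
CLIENT_SECRET = "demo-secret"
VICTIM = "victim@example.com"


def s256(verifier: str) -> str:
    """PKCE S256 transform: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Issues single-use codes; optionally binds each code to a code_challenge."""

    def __init__(self):
        self._codes = {}

    def authorize(self, client_id, user, code_challenge=None):
        code = secrets.token_urlsafe(16)
        self._codes[code] = {"user": user, "client_id": client_id,
                             "challenge": code_challenge, "used": False}
        return code

    def token(self, client_id, client_secret, code, code_verifier=None):
        rec = self._codes.get(code)
        # Client authentication and single use: both hold in every run below.
        if rec is None or rec["used"] or rec["client_id"] != client_id \
                or client_secret != CLIENT_SECRET:
            return None
        # PKCE: the verifier must match the challenge sent at /authorize.
        if rec["challenge"] is not None and (
                code_verifier is None or s256(code_verifier) != rec["challenge"]):
            return None
        rec["used"] = True
        return {"sub": rec["user"]}


class Client:
    """Confidential client; each browser session keeps its state and code_verifier."""

    def __init__(self, server, use_pkce):
        self.server, self.use_pkce, self.sessions = server, use_pkce, {}

    def start_login(self, session_id):
        verifier = secrets.token_urlsafe(32) if self.use_pkce else None
        self.sessions[session_id] = {"state": secrets.token_urlsafe(8),
                                     "verifier": verifier, "user": None}
        return {"state": self.sessions[session_id]["state"],
                "code_challenge": s256(verifier) if verifier else None}

    def callback(self, session_id, code, state):
        sess = self.sessions[session_id]
        if state != sess["state"]:
            return "state mismatch"
        # Back channel: the app itself presents the client secret, so the
        # secret says nothing about which browser delivered the code.
        tok = self.server.token(CLIENT_ID, CLIENT_SECRET, code, sess["verifier"])
        if tok is None:
            return "token exchange rejected"
        sess["user"] = tok["sub"]
        return f"logged in as {tok['sub']}"


def simulate(use_pkce):
    """Returns (attacker's callback result, victim's callback result)."""
    srv = AuthorizationServer()
    app = Client(srv, use_pkce)
    # 1. Victim starts login; the server redirects back with a fresh code.
    victim_req = app.start_login("victim-browser")
    victim_code = srv.authorize(CLIENT_ID, VICTIM, victim_req["code_challenge"])
    # 2. A compromised user agent leaks that redirect URL before the app
    #    redeems it; the attacker now holds the victim's code.
    stolen_code = victim_code
    # 3. Attacker starts their own login (so their own state is valid) and
    #    pastes the stolen code into their own callback URL.
    attacker_req = app.start_login("attacker-browser")
    attacker_result = app.callback("attacker-browser", stolen_code, attacker_req["state"])
    # 4. The victim's browser finally delivers the same code.
    victim_result = app.callback("victim-browser", victim_code, victim_req["state"])
    return attacker_result, victim_result


if __name__ == "__main__":
    print("no PKCE:  ", simulate(False))
    print("with PKCE:", simulate(True))
```

Without PKCE the attacker's session ends up logged in as the victim and the victim's own redemption is the one that fails on the single-use check: the code is only ever redeemed once, by the legitimate client with the legitimate client secret, just on behalf of the wrong browser. With PKCE the server also demands the `code_verifier` that the client stored in the session that started the flow; the attacker's session holds a different verifier, so the injected code is rejected, stays unused, and the victim's redemption succeeds.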