Comments:
I have a question. If the auth code is for single use, how can both the attacker and the target user use this single-use code with the application?
Very clearly illustrated, thanks for explaining and demoing this!
thanks
Very informative video. Thanks a lot!
By watching this vid, I became a more informed person: my time was well spent - thx!
Are there other attack scenarios that don't require a malicious browser extension (or compromised user agent or MITM)? I don't know much about browser extensions, but don't they already have access to cookies, browser storage, and/or the page's DOM? Therefore session hijacking can already be done in different ways at that point?
But isn't the back channel supposed to send the code along with some secret to the authorization server of Google? I thought the need to have a front and a back channel was specifically aimed at preventing this kind of attack, where someone could replay your auth code, but as it does not have the client secret the auth server would not grant the access_token.
thanks