If you would need to see what Information a Site has on you, based on the Cookie ID that they've stored on your Computer, how exactly would one do that?
Asked
Active
Viewed 43 times
2 Answers
2
You can't.
A cookie is best considered an opaque ticket, passed from the server to the client, for the client to return to the server as a means of storing state, or a reference to server-side persisted state, without the server needing to keep track of it itself.
Granted, some cookies are non-opaque, especially those that are intentionally exposed to Javascript (such as storing client-side preferences), but I'm assuming you're not interested in those.
So there is no way for a HTTP client to peer into a webserver's stored state. That's the point. Otherwise it would be insecure.
Here's a simple demonstration:
[Client] Hi Server. My name is Boris.
[Server] Hi Boris. I have assigned you visitor number 3. I have remembered your name is "Boris" and saved it in my internal database, associated with the number 3. Please refer to yourself as 3 in all future requests.
[Client] Okay, thanks, goodbye.,
(weeks pass)
[Client] Hi Server, remember me? I am visitor 3.
[Server] Yes, hello Boris.
[Client] I am visitor 3. Please remember that my hair is yellow.
[Server] Yes, I have remembered that visitor 3 also has yellow hair.
(weeks pass)
[Client] Hi Server, remember me? I am visitor 3. What color is my hair?
[Server] Your hair is yellow.
(more time passes)
[Client] Hi Server, I am visitor 3. What information do you have stored about me?
[Server] Hi visitor 3. I know your name and your hair color, but I won't tell you because I don't want to. I didn't even have to tell you that I knew those details.
So even though the cookie in this case is merely the number "3", the client has no way of knowing what the server has stored about it.
Dai
- 141,631
- 28
- 261
- 374
1
Unless the site stores things in your cookie, you're probably not able to get much. The cookie often has a userId or sessionId in it that the site uses to look up the information it knows about you. That information is stored in a database that you won't be able to get access to.
Some things you could do:
- Open the developer tools in your browser and look at the internet traffic that goes back and forth. You may be able to see some information about yourself there.
- Use a tool like Fiddler or BurpSuite to sniff the traffic between your computer and the site in question.
It may be wise to delete your cookies regularly or find a browser plugin like Self-Destructing Cookies if this bothers you.
Paul Oliver
- 7,531
- 5
- 31
- 34