
Support "the HSTS cookie"

Open graingert opened this issue 12 years ago • 2 comments

http://hstscookie.ca/ has a demo for storing cookies via HSTS browser records:

From the site "The HSTS cookie cannot be removed by clearing your cookies. It will be deleted if you clear 'site preferences', however, doing that will also clear a lot of useful information and expire the HSTS pins for other sites."

graingert, Jul 02 '12 09:07

I just wrote a POC for that (see https://github.com/SleepProgger/hsts-cookie-poc ). If there is interest I would dig into the evercookie src, merge and send a pull request.

There is a limitation with this technique though: You need to have a wildcard certificate or enough valid certificates. At least Firefox ignores the HSTS header if the certificate is untrusted (self-signed).

SleepProgger, Oct 21 '15 23:10

Very cool, would love that! The different methods in evercookie are pretty well segregated, you just need a read function, write function and the callers.

samyk, Oct 21 '15 23:10