Time to get serious.....about cookies! :D

[centip3de]

So, so far, i've been more or less screwing around on this site, reading fourms, collecting info, etc etc. But now, is the time i get serious!

So I've had this question on my mind for quite some time now, I know a cookie is a data transfer of packets? between your computer and the server, my question is, when you go to a malicious site, how would you "receive" the virus/malware etc, etc.
I had an idea that they would embed it in the cookie via PHP maybe? But then I thought the file would be much to big for a cookie, because, aren't they supposed to be kilobytes of information, not megabytes? Anyway, just thought I should figure this out before I go out giving nooby advice that will probably end up blowing up a computer in fiery flames and destruction >.<"

Sorry for the noob question,
centip3de

[Goatboy]

I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.

[centip3de]

I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.

Oh.....Well then whats all this I hear about "Cookie editing" and "Malicous cookies"?

[cilpolir]

I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.

Oh.....Well then whats all this I hear about "Cookie editing" and "Malicous cookies"?

Real malicious cookies are those with milk from manboobiez

[centip3de]

Mmmmm smexi

[sanddbox]

First of all, cookies are less than kilobytes. Also, viruses are usually much smaller than megabytes - they're usually just kilobytes.

Anyways, as Goatboy said, your definition of cookies is off. He's already been over what cookies are, so I won't go more into that.

You asked what malicious cookies are. These are usually cookies that track where you've been and are used to generate advertisements that are relevant to where you have been. They are considered malicious because they pose a privacy threat.

[imcrafty]

Cookies?? Are they like donuts?

[centip3de]

First of all, cookies are less than kilobytes. Also, viruses are usually much smaller than megabytes - they're usually just kilobytes.

Anyways, as Goatboy said, your definition of cookies is off. He's already been over what cookies are, so I won't go more into that.

You asked what malicious cookies are. These are usually cookies that track where you've been and are used to generate advertisements that are relevant to where you have been. They are considered malicious because they pose a privacy threat.

Thanks

[tgoe]

centip3de,

What you're trying to accomplish will always require a browser exploit that gives you a way to execute arbitrary code on the client machine. Getting the code to the client is the easy part. You could use a traditional cookie if the code is <3-4k, a flash LSO: <100k, HTML5 Web Storage: 3-5mb?, a JavaScript file with an encoded var, an engineered image, a Java applet .jar...

At the root of all this is a browser exploit and at that point delivery is moot.

[sanddbox]

The main problem with your logic, OP, is that cookies are read, not executed.

Of course, when I say "main problem", I'm ignoring your fundamental misunderstanding of cookies