- User browses a web page (User -> Web server)
- Web server replies with the requested page and sets a cookie on the user’s browser (Web server -> User)
- Attacker steals the cookie (sniffing, XSS, phishing attack) (User -> Attacker)
- Attacker orders a product using the modified cookie (Attacker -> Web server)
- Product is delivered to attacker’s address (Web server -> Attacker)
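
The sniffing and XSS theft paths in the third step depend on how the server set the cookie in the second step. The following is an added example, not code from the original page: it audits `Set-Cookie` header values for the `Secure` and `HttpOnly` attributes. The function names and the sample headers are constructed for illustration, and phishing is outside what cookie attributes can address.

```python
# Added example: audit Set-Cookie header values for the attributes that close
# the sniffing and XSS theft paths. All header values below are constructed.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attr keys are lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return one finding per theft path this cookie leaves open."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP.
        findings.append(f"{name}: missing Secure (exposed to sniffing)")
    if "httponly" not in attrs:
        # Without HttpOnly page script can read it via document.cookie.
        findings.append(f"{name}: missing HttpOnly (readable after XSS)")
    return findings


# Constructed sample headers, from weakest to hardened.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",
    "SESSIONID=abc123; Path=/; Secure",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_cookie(header) or ["no findings"]:
            print("   ", finding)
```
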