Why is the browser not sending cookies with cross-domain WebSocket handshake request?
If I have understood Cross-Site WebSocket Hijacking (CSWSH) attack correctly [1][2][3][4], the attack relies on two things (examples are from the first reference):
the browser sending the cookies set by the victim domain (www.some-trading… Continue reading Why is the browser not sending cookies with cross-domain WebSocket handshake request?