How it works...
In this recipe, we saw how we can use the browser's Developer Tools to view and edit the contents of the browser's storage. We verified the differences in accessibility between Local Storage and Session Storage, and how an XSS vulnerability can expose all stored information to an attacker.
First, we accessed Local Storage from an application different from the one that added the storage, but in the same domain. To do that, we used window.localStorage.MessageOfTheDay, taking the key value as the object name and referencing it directly as a member of Local Storage. For the Session Storage, we had to move to the window that created the storage and exploit a vulnerability there; here, we used a different instruction to get the ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access