Http Protocol

Cookies have long been a feature of the HTTP protocol. Today, modern web development frameworks offer easy access to cookies, so programmers need not concern themselves with how to format them or with making sure cookie headers are directed accurately. It is nevertheless instructive to learn how cookies work and which options they support. The two essential functions of a cookie are, first, to store information and, second, to tell a Web server that a user is returning to a specific Web site or page. Examples are the personalization of Web pages and registering for products or services. When such an action occurs in a web browser, a cookie is created on the client side. On the server side, the cookie helps the server of the visited Web page recall the specific information (Zakas, 2009). The cookie simplifies the process of recording Web visitors’ personal information, which includes billing addresses, shipping addresses, and so on. As a result, when the same Web site is visited again, the previously recorded information is retrieved. This eases the Web surfing experience, since the Web site features that were previously chosen are invoked again without user intervention (Zakas, 2009).
There are, however, privacy concerns regarding the use of cookies. Unfortunately, Web browsers almost never authenticate the domain that sets a cookie. An attacker can exploit this flaw to set rogue cookies of their own, which are later used over an HTTPS connection. The victim is thus fooled into using the attacker’s cookie instead of the legitimate Web site’s cookie. In addition, the attacker can combine a cookie under their control with other known vulnerabilities in Web servers, such as SQL injection, to gain access to private information (Anderson, 2015). Remember that cookies store many types of information about the web-surfing user. Therefore, using a man-in-the-middle (MITM) attack on an HTTP session, the attacker can...
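
As an added illustration (not part of the original essay), the Python code below audits Set-Cookie header values for the Secure attribute and the `__Host-` name prefix, two browser-enforced controls that address the interception and rogue-cookie problems described above. The `__Host-` prefix, the function names and the sample headers are not from the essay; the headers are constructed.

```python
# Added example: audit Set-Cookie header values for the attributes that
# limit cookie interception and rogue-cookie planting.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, cookie_value, attrs dict)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    secure = "secure" in attrs
    if not secure:
        findings.append("no Secure: also sent over plain HTTP, where a MITM can read it")
    if name.startswith("__Host-"):
        # Browsers that implement cookie prefixes drop a __Host- cookie unless
        # it has Secure, Path=/ and no Domain attribute.
        if not secure or "domain" in attrs or attrs.get("path") != "/":
            findings.append("__Host- rules not met: browser will reject it")
    else:
        findings.append("no __Host- prefix: browser does not bind the cookie "
                        "to the host that set it")
    return findings


SAMPLE_HEADERS = [  # constructed examples
    "session=abc123; Path=/",
    "session=abc123; Path=/; Secure; HttpOnly",
    "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-session=abc123; Path=/; Secure; Domain=example.com",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_set_cookie(header) or ["ok"]:
            print("   ", finding)
```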
