<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>A Hacker's Guide to Cookie Jar Overflow Techniques</title>
        <link>https://stream.echo6.co/videos/watch/a1fe33d2-b79e-4442-a617-70dea1f4f7c1</link>
        <description>Have you ever heard of Cookie Jar Overflows? This classic yet often overlooked technique can allow attackers to remove cookies from a target user and replace them with their own, leading to serious security risks like account takeovers. When combined with vulnerabilities like session fixation, the impact can be devastating. 🔍 In this video, we'll cover: the theory behind cookie jar behavior and browser quirks; how attackers manipulate session cookies using this technique; and a live demo of Cookie Jar Overflow in action, set up in a controlled lab environment. Key Concepts Explained: Browsers have cookie limits (e.g., ~160-165 cookies in Chrome/Firefox). By flooding the cookie jar, attackers can push out important cookies (like session cookies) and inject their own. If the web app doesn't validate cookies properly, the attacker gains control. This attack is even more dangerous when paired with Cross-Site Scripting (XSS) vulnerabilities. Other Use Cases: Cookie Jar Overflow isn't just about session fixation. It can also be used for cache poisoning with malicious cache keys and for manipulating application state via cookie-stored flags. Don't miss out on this critical insight into a technique that could bypass traditional security defenses! Watch now to learn how to protect your web applications. Be sure to subscribe to see similar content from Alex and the rest of the team.
        </description>
        <lastBuildDate>Mon, 13 Apr 2026 22:57:56 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>A Hacker's Guide to Cookie Jar Overflow Techniques</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/a1fe33d2-b79e-4442-a617-70dea1f4f7c1</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=a1fe33d2-b79e-4442-a617-70dea1f4f7c1" rel="self" type="application/rss+xml"/>
    </channel>
</rss>