Jack_Le_Syn
Apr 10, 2020

Is this a potential spoofing exploit?

  • Install OfficeDevPnP.Core

  • Create a ClientContext with AuthenticationManager.GetWebLoginClientContext method

  • Get CookieCollection from ExecutingWebRequest event as below:

        CookieCollection cookies = null;
        clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
        {
            cookies = e.WebRequestExecutor.WebRequest.CookieContainer.GetCookies(new Uri(siteurl));
        };

  • Save Cookie object from CookieCollection as text file.

  • Copy the Cookie objects to a different machine

  • Load Cookie objects to CookieContainer as below:

        clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
        {
            e.WebRequestExecutor.WebRequest.CookieContainer = new CookieContainer();
            foreach (Cookie cookie in cookies)
            {
                e.WebRequestExecutor.WebRequest.CookieContainer.Add(cookie);
            }
        };

  • User can access the same SharePoint site without having to log in, and this login session will not show up in the Azure sign-in history list.
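A defender-side check for the situation the post describes, as an added example that is not part of the original post: since a replayed session cookie produces site activity without a new sign-in record, one triage signal is activity from a client IP that has no recent sign-in for that user. The record fields, the sample data and the 24-hour session window are constructed assumptions, not a real Azure AD or SharePoint log schema.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not a real log schema.
SIGN_INS = [
    {"user": "alice@example.com", "ip": "203.0.113.10", "time": "2020-04-10T08:00:00"},
    {"user": "bob@example.com", "ip": "198.51.100.7", "time": "2020-04-10T08:30:00"},
]
ACTIVITY = [
    {"user": "alice@example.com", "ip": "203.0.113.10", "time": "2020-04-10T08:05:00", "op": "FileAccessed"},
    {"user": "alice@example.com", "ip": "192.0.2.55", "time": "2020-04-10T09:10:00", "op": "FileDownloaded"},
    {"user": "bob@example.com", "ip": "198.51.100.7", "time": "2020-04-10T08:45:00", "op": "FileAccessed"},
    {"user": "bob@example.com", "ip": "198.51.100.7", "time": "2020-04-12T08:45:00", "op": "FileAccessed"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def find_unmatched_activity(sign_ins, activity, max_session_age=timedelta(hours=24)):
    """Return activity records with no recent sign-in by the same user from the same IP."""
    # Index sign-in times by (user, ip) so each activity record is a dictionary lookup.
    seen = {}
    for s in sign_ins:
        seen.setdefault((s["user"].lower(), s["ip"]), []).append(parse(s["time"]))

    findings = []
    for a in activity:
        when = parse(a["time"])
        prior = [t for t in seen.get((a["user"].lower(), a["ip"]), []) if t <= when]
        if not prior:
            reason = "no prior sign-in from this IP"
        elif when - max(prior) > max_session_age:
            reason = "last sign-in from this IP is older than the session window"
        else:
            continue  # activity is explained by a recent sign-in
        findings.append({**a, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_unmatched_activity(SIGN_INS, ACTIVITY):
        print(f["time"], f["user"], f["ip"], f["op"], "->", f["reason"])
```

Client IPs also change for ordinary reasons (VPN, mobile networks), so a hit is a lead for review, not proof of cookie reuse.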
