Is this a potential spoofing exploit?

  • Install OfficeDevPnP.Core

  • Create a ClientContext with AuthenticationManager.GetWebLoginClientContext method

  • Get CookieCollection from ExecutingWebRequest event as below:

        CookieCollection cookies = null;
        clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
        {
            cookies = e.WebRequestExecutor.WebRequest.CookieContainer.GetCookies(new Uri(siteurl));
        };

  • Save Cookie object from CookieCollection as text file.

  • Copy the Cookie objects to a different machine

  • Load Cookie objects to CookieContainer as below:

        clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
        {
            e.WebRequestExecutor.WebRequest.CookieContainer = new CookieContainer();
            foreach (Cookie cookie in cookies)
            {
                e.WebRequestExecutor.WebRequest.CookieContainer.Add(cookie);
            }
        };

  • User can access the same SharePoint site without having to log in, and this login session will not show up in the Azure sign-in history list.

0 Replies
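
From the defender's side, the behaviour described in the post (a session used on a second machine with no matching sign-in record) can be looked for by correlating request records against sign-in records. The following is an added example, not part of the original post and not Microsoft code; the record fields (`user`, `session`, `ip`, `time`), the function name and all sample data are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names are hypothetical and do not follow
# the schema of any Microsoft log.
SIGN_INS = [
    {"user": "alice@example.com", "ip": "203.0.113.10", "time": "2020-04-10T09:00:00"},
    {"user": "bob@example.com", "ip": "192.0.2.5", "time": "2020-04-10T08:00:00"},
    {"user": "bob@example.com", "ip": "192.0.2.99", "time": "2020-04-10T11:00:00"},
]
REQUESTS = [
    {"user": "alice@example.com", "session": "s1", "ip": "203.0.113.10", "time": "2020-04-10T09:01:00"},
    {"user": "alice@example.com", "session": "s1", "ip": "198.51.100.7", "time": "2020-04-10T10:15:00"},
    {"user": "bob@example.com", "session": "s2", "ip": "192.0.2.5", "time": "2020-04-10T08:05:00"},
    {"user": "bob@example.com", "session": "s2", "ip": "192.0.2.99", "time": "2020-04-10T11:05:00"},
]


def _ts(record):
    """Parse the ISO 8601 timestamp of a record."""
    return datetime.fromisoformat(record["time"])


def find_unbacked_session_use(sign_ins, requests, window=timedelta(hours=8)):
    """Flag requests where a session appears from an IP other than the one it
    was first seen on, with no sign-in by that user from the new IP in the
    preceding `window`."""
    first_ip = {}  # session id -> IP address the session was first seen on
    flagged = []
    for req in sorted(requests, key=_ts):
        origin = first_ip.setdefault(req["session"], req["ip"])
        if req["ip"] == origin:
            continue
        backed = any(
            s["user"] == req["user"]
            and s["ip"] == req["ip"]
            and timedelta(0) <= _ts(req) - _ts(s) <= window
            for s in sign_ins
        )
        if not backed:
            flagged.append((req["user"], req["session"], req["ip"], req["time"]))
    return flagged


if __name__ == "__main__":
    for hit in find_unbacked_session_use(SIGN_INS, REQUESTS):
        print("session used from new IP without sign-in:", hit)
```

A client IP can change for legitimate reasons (VPN, mobile networks), so a hit is a signal to investigate rather than proof of cookie reuse.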