Twitter Session Hijack Aka Cookie Stealing

How to hack yourself on twitter 101, try it on your browser now!

Bypasses 2FA , a 128 password and physical USB keys!

+ways to prevent this 🧵

Developers hate this one simple trick!
SPOILERS: it's cookie 🍪 stealing!
#hacked #vtubers #artists #sessionhijacking

First of all I want to say, making an authentication system without exposing some sort of secret is basically impossible, banks reduces risk most likely by making the cookie expire REALLY quickly, like 15min or something. Also scaling to millions of users would be very difficult.

In other words don't get mad at twitter for this, probably almost every website/app you use right now does something similar, so be mad at everything instead 🤣