Browser Cache Weaknesses

Check List

Methodology

Black Box

History Exposure

Go to any page that displays sensitive data like Login Success Page

Enter or trigger sensitive information, Enter password And Submit or Load the Page

Click Logout, Confirm redirected to login page

If the previous page with sensitive data reloads, History Exposure Confirmed

Browser Cache Manually

If you are using Chrome browser, go to chrome://cache in the URL (For FireFox Browser about:cache)

Search for target domain

If sensitive page is cached, Cache Exposure Confirmed

Cache Deception

Go to the final paths that return sensitive information, such as /profile, /dashboard, /my-account, /settings, /username, and then capture the request using the Burp Suite tool.

When you receive a request for a sensitive path that captures information using the Burp suite tool, add an extension to the end of this path, like this

https://dashboard.target.com/my-profile/username/.css

Check if the HTTP response status is 200 and the response body contains dynamic/user-specific content your username, email, profile data, instead of a real CSS file

If caching headers are present, open the same URL (/my-profile/username/.css) in a private/incognito window or different browser (logged out) and confirm the response still returns your private profile data

White Box

Cheat Sheet

PreviousVulnerable Remember Password NextWeak Authentication Methods

Last updated 27 days ago

hashtagCheck List

hashtagMethodology

hashtagBlack Box

hashtagHistory Exposure

hashtagBrowser Cache Manually

hashtagCache Deception

hashtagWhite Box

hashtagCheat Sheet