Browser Cache Weaknesses

Check List

Methodology

Black Box

History Exposure

1. Go to any page that displays sensitive data, such as the login success page.
2. Enter or trigger sensitive information: enter the password and submit, or load the page.
3. Click Logout and confirm that you are redirected to the login page.
4. If the previous page with sensitive data reloads, history exposure is confirmed.


Browser Cache Manually

1. If you are using the Chrome browser, go to chrome://cache in the URL bar (for Firefox, about:cache).
2. Search for the target domain.
3. If a sensitive page is cached, cache exposure is confirmed.


Cache Deception

1. Log in to the target site and complete the authentication process using
2. Go to the final paths that return sensitive information, such as /profile, /dashboard, /my-account, /settings, /username, and capture the request with Burp Suite.
3. With the request for the sensitive path captured in Burp Suite, add an extension to the end of the path, like this:

   https://dashboard.target.com/my-profile/username/.css

4. Check whether the HTTP response status is 200 and the response body contains dynamic, user-specific content (your username, email, profile data) instead of a real CSS file.
5. If caching headers are present, open the same URL (/my-profile/username/.css) in a private/incognito window or a different browser (logged out) and confirm that the response still returns your private profile data.
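The checks in steps 3 to 5 can be applied to captured responses in a repeatable way. The following is an added example, not part of the original checklist: `classify`, `is_cacheable`, the extension list and the sample responses are constructed for illustration, and it assumes you already hold the status, headers and body of each response.

```python
from urllib.parse import urlsplit

# Assumed list of extensions a shared cache or CDN commonly stores by default.
STATIC_EXTS = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg")

def is_cacheable(headers):
    """Return True if the headers let a shared cache store and reuse the response."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    directives = [d.strip() for d in h.get("cache-control", "").split(",") if d.strip()]
    if any(d in ("no-store", "private", "no-cache") for d in directives):
        return False
    for d in directives:
        name, _, value = d.partition("=")
        if name in ("max-age", "s-maxage") and value.isdigit() and int(value) > 0:
            return True
    # "public", or an Age header (added by caches), also indicates storage.
    return "public" in directives or "age" in h

def classify(url, status, headers, body, user_markers):
    """Classify one captured response against steps 3-5 of the checklist."""
    path = urlsplit(url).path.lower()
    if status != 200 or not path.endswith(STATIC_EXTS):
        return "not-applicable"
    if not any(marker in body for marker in user_markers):
        return "ok"                    # static-looking path, no user data served
    if is_cacheable(headers):
        return "cache-deception-risk"  # user data on a static path, storable by a cache
    return "dynamic-uncached"          # origin ignores the suffix but forbids caching

# Constructed sample responses for the URL pattern used in step 3.
URL = "https://dashboard.target.com/my-profile/username/.css"
PROFILE = "<h1>Profile</h1><p>alice@example.test</p>"
MARKERS = ["alice@example.test"]
SAMPLES = {
    "vulnerable": (URL, 200, {"Content-Type": "text/html",
                              "Cache-Control": "public, max-age=3600"}, PROFILE),
    "hardened":   (URL, 200, {"Content-Type": "text/html",
                              "Cache-Control": "no-store, private"}, PROFILE),
    "rejected":   (URL, 404, {"Content-Type": "text/html"}, "Not found"),
}

if __name__ == "__main__":
    for name, (url, status, headers, body) in SAMPLES.items():
        print(f"{name:10} -> {classify(url, status, headers, body, MARKERS)}")
```

A "dynamic-uncached" result still means the application ignores the appended suffix; returning 404 for such paths, as in the "rejected" sample, removes the condition step 4 tests for.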


White Box

Cheat Sheet
