I read in The Hackers Manual 2012 about zombie cookies, which are cookies that are really difficult to delete. From what I've gathered, how they work is that the site stores multiple cookies in different places, so when you delete the cookies from one place, let's say by deleting the Firefox cache, then a cookie which didn't get deleted (let's say an LSO cookie) regenerates the cookie that you deleted. Up until I learned about this, I thought that I knew how to clear my system of cookies, but now I'm not so sure.
I want to play around with making these zombie cookies to learn what it's all about. On this site:
http://samy.pl/evercookie/ they let you set a zombie cookie, show you the 11 mechanisms they used to set it, and let you see if you can kill the zombie cookie. When I clear my Firefox cache, there are only 3 mechanisms left: the LSO, sessionData and windowData. I'm guessing sessionData and windowData are erased when you close your browser, and the Firefox plugin Better Privacy deletes LSOs whenever you close your browser, so if that's all it takes to kill a zombie cookie, I don't see what the big deal is. I'm still interested though, so I downloaded everclear. They have an example.html file and I ran it locally (not on my Apache server), and here are the parameters that came up:
userData mechanism: undefined
cookieData mechanism: 573
localData mechanism: 573
globalData mechanism: undefined
sessionData mechanism: 573
windowData mechanism: 573
historyData mechanism: undefined
pngData mechanism: undefined
etagData mechanism: undefined
cacheData mechanism: undefined
lsoData mechanism: undefined
slData mechanism: undefined
I was surprised to see the sessionData parameter. I thought only server-side scripts could set sessions. I suppose I was wrong. When I ran it on my server, here's what happened:
pngData mechanism: 573
etagData mechanism: 573
cacheData mechanism: 573
userData mechanism: undefined
cookieData mechanism: 573
localData mechanism: 573
globalData mechanism: undefined
sessionData mechanism: 573
windowData mechanism: 573
historyData mechanism: undefined
lsoData mechanism: 573
slData mechanism: undefined
Something that's confusing me is: how did all this work when I only pointed my browser to a .html file? Some of those mechanisms use PHP, so how did an HTML file run PHP scripts? I read that you can run PHP from within an iframe in an HTML page, but there are no iframes in the source code for example.html. I'm going to start reverse engineering everclear now, but this one has me baffled.
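The regeneration behaviour the question describes, as an added example that is not part of the original post and not evercookie's own code: a small JavaScript model that keeps one identifier in several independent stores and, on every read, writes it back into any store it was cleared from. The four store names, the key name evercookie_uid and the value '573' are assumptions; the MemoryStore class is a constructed in-memory stand-in for document.cookie, localStorage, sessionStorage and window.name so the logic runs under Node without a browser.

```javascript
// Added example, not evercookie's own code: a minimal zombie-cookie model.
// One identifier is written to several independent stores; on every read it is
// copied back into any store it was cleared from, as long as one copy survives.
// MemoryStore is a constructed stand-in for document.cookie, localStorage,
// sessionStorage and window.name so the logic runs under Node without a browser.

class MemoryStore {
  constructor(name) {
    this.name = name;
    this.data = new Map();
  }
  get(key) { return this.data.get(key); } // undefined when absent
  set(key, value) { this.data.set(key, value); }
  clear() { this.data.clear(); }          // what "delete cookies" does to this store
}

// Store names mirror four of the mechanisms listed on the page (assumption).
const STORE_NAMES = ['cookieData', 'localData', 'sessionData', 'windowData'];
const KEY = 'evercookie_uid'; // assumed key name
const UID = '573';            // assumed identifier

function makeStores() {
  return STORE_NAMES.map((n) => new MemoryStore(n));
}

class ZombieCookie {
  constructor(stores, key = KEY) {
    this.stores = stores;
    this.key = key;
  }

  // Write the value into every store at once.
  set(value) {
    for (const s of this.stores) s.set(this.key, value);
  }

  // Read every store, take the value most copies agree on, and write it back
  // into the stores that lost it. This read-then-rewrite is the "regeneration".
  get() {
    const votes = new Map();
    for (const s of this.stores) {
      const v = s.get(this.key);
      if (v !== undefined) votes.set(v, (votes.get(v) || 0) + 1);
    }
    if (votes.size === 0) return undefined; // nothing left to regenerate from
    let best;
    let bestCount = 0;
    for (const [v, c] of votes) {
      if (c > bestCount) { best = v; bestCount = c; }
    }
    this.set(best);
    return best;
  }

  // Per-mechanism view like the page's list: value or undefined for each store.
  status() {
    const out = {};
    for (const s of this.stores) out[s.name] = s.get(this.key);
    return out;
  }
}

// Scenario 1: the user clears cookies and localStorage but leaves the rest.
// The next page load (zc.get()) restores both cleared copies.
function partialClearSurvives() {
  const stores = makeStores();
  const zc = new ZombieCookie(stores);
  zc.set(UID);
  for (const s of stores) {
    if (s.name === 'cookieData' || s.name === 'localData') s.clear();
  }
  const afterClear = zc.status(); // cookieData and localData are undefined here
  const revived = zc.get();       // page script runs again
  return { afterClear, revived, afterReload: zc.status() };
}

// Scenario 2: every store is cleared one at a time with a page load in between.
// Each clear is undone by the next load, so the ID never goes away.
function sequentialClearSurvives() {
  const stores = makeStores();
  const zc = new ZombieCookie(stores);
  zc.set(UID);
  for (const s of stores) {
    s.clear();
    zc.get();
  }
  return zc.get();
}

// Scenario 3: every store is cleared before any page script runs again.
// No copy survives, so there is nothing to regenerate from.
function fullClearKills() {
  const stores = makeStores();
  const zc = new ZombieCookie(stores);
  zc.set(UID);
  for (const s of stores) s.clear();
  return zc.get();
}
```

The three scenario functions show the point that matters in practice: clearing a subset of the stores, or clearing all of them one at a time with a page load in between, leaves the identifier intact, and only clearing every store before the page's script runs again removes it. That is why a per-mechanism cleaner such as an LSO-wiping plugin only helps when it runs in the same pass as the browser's own cookie and cache clearing.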