Y
Hacker News
new
|
ask
|
show
|
jobs
by
dwaite
2565 days ago
Or just remote drive your session. Token exfiltration isn't required if you can do XSS or say script injection via browser extensions (and exfiltration is more likely to hit anomaly/fraud detection)