Tongwei Ren (Worcester Polytechnic Institute), Alexander Wittmany (University of Kansas), Lorenzo De Carli (Worcester Polytechnic Institute), Drew Davidsony (University of Kansas)

DNS CNAME redirections, which can “steer” browser requests towards a domain different than the one in the request’s URI, are a simple and oftentimes effective means to obscure the source of a web object behind an alias. These redirections can be used to make third-party content appear as first-party content. The practice of evading browser security mechanisms through misuse of CNAMEs, referred to as CNAME cloaking, has been recently growing in popularity among advertisers/trackers to bypass blocklists and privacy policies.

While CNAME cloaking has been reported in past measurement studies, its impact on browser cookie policies has not been analyzed. We close this gap by presenting an in-depth characterization of how CNAME redirections affect cookie propagation. Our analysis uses two distinct data collection samples (June and December 2020). Beyond confirming that CNAME cloaking continues to be popular, our analysis identifies a number of websites transmitting sensitive cookies to cloaked third-parties, thus breaking browser cookie policies. Manual review of such cases identifies exfiltration of authentication cookies to advertising/tracking domains, which raises serious security concerns.

View More Papers

[WITHDRAWN] First, Do No Harm: Studying the manipulation of...

Shubham Agarwal (Saarland University), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More

CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs

Adil Ahmad (Purdue University), Juhee Kim (Seoul National University), Jaebaek Seo (Google), Insik Shin (KAIST), Pedro Fonseca (Purdue University), Byoungyoung Lee (Seoul National University)

Read More

Why Do Programmers Do What They Do? A Theory...

Lavanya Sajwan, James Noble, Craig Anslow (Victoria University of Wellington), Robert Biddle (Carleton University)

Read More

Detecting Kernel Memory Leaks in Specialized Modules with Ownership...

Navid Emamdoost (University of Minnesota), Qiushi Wu (University of Minnesota), Kangjie Lu (University of Minnesota), Stephen McCamant (University of Minnesota)

Read More