# Web Session Cookie Theft

**MITRE ATT&CK layer: Credential Access**

Web session cookie theft is the act of stealing active authentication cookies from a user's browser to impersonate them or resume their logged-in session without knowing their password. The attacker doesn't authenticate; they inherit "trust" that was already granted.

## How is Web Session Cookie Theft abused

Attackers mainly use infostealer malware or malicious browser extensions to extract cookies from browsers. More advanced campaigns use phishing proxy tools to capture cookies after MFA is completed, then replay the session immediately.

## Why Web Session Cookie Theft matters

This attack bypasses passwords and MFA entirely and often produces no login alerts. Security logs show a “normal” session, making detection difficult while attackers quietly take over accounts and move laterally.

## Real-world example

### 'Cookie-Bite' Attack on Azure Entra ID (2025)

In mid-2025, a technique dubbed Cookie-Bite was identified in which a malicious extension steals session cookies from Azure Entra ID (Microsoft identity). It bypassed MFA and granted persistent access to services like Microsoft 365, Outlook, Teams, SharePoint and OneDrive simply by replaying those cookies. Security controls were technically working, but irrelevant, because the attacker never re-authenticated. One critical consequence: because a persistent cookie is valid for 90 days, a single theft can yield months of control.
[Source](https://www.darkreading.com/remote-workforce/cookie-bite-entra-id-attack-exposes-microsoft-365)

## Related topics

### Man-in-the-Middle Attack

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/man-in-the-middle-attack.html)

### Cross-Site Scripting

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/cross-site-scripting.html)

### Phishing

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/phishing.html)
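
## Example: flagging a replayed session cookie

Because a replayed cookie produces no new login event, one detection angle is to compare every use of a session against the client context recorded when the user last authenticated. The sketch below is an added example, not code from the original page or from any product it mentions; the event fields, the `login_mfa` and `request` event types, the 10-minute window and the severity labels are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, session id, source IP, user agent, event type).
EVENTS = [
    ("2025-07-01T09:00:00", "sess-A", "198.51.100.10", "Chrome/126 Windows", "login_mfa"),
    ("2025-07-01T09:05:00", "sess-A", "198.51.100.10", "Chrome/126 Windows", "request"),
    ("2025-07-01T09:06:00", "sess-A", "203.0.113.77", "python-requests/2.32", "request"),
    ("2025-07-01T09:07:00", "sess-A", "198.51.100.10", "Chrome/126 Windows", "request"),
    ("2025-07-01T10:00:00", "sess-B", "192.0.2.5", "Firefox/127 Linux", "login_mfa"),
    ("2025-07-01T18:00:00", "sess-B", "192.0.2.99", "Firefox/127 Linux", "request"),
    ("2025-07-01T11:00:00", "sess-C", "192.0.2.40", "Safari/17 macOS", "login_mfa"),
    ("2025-07-01T11:30:00", "sess-C", "192.0.2.40", "Safari/17 macOS", "request"),
]
WINDOW = timedelta(minutes=10)  # assumed threshold for "two clients at the same time"

def find_replayed_sessions(events, window=WINDOW):
    """Return {session_id: severity} for sessions used outside their login context."""
    by_session = defaultdict(list)
    for ts, sid, ip, ua, kind in events:
        by_session[sid].append((datetime.fromisoformat(ts), ip, ua, kind))
    findings = {}
    for sid, rows in by_session.items():
        rows.sort(key=lambda r: r[0])
        bound = None    # (ip, user agent) seen when the user actually authenticated
        last_seen = {}  # client context -> last time it presented this cookie
        for ts, ip, ua, kind in rows:
            ctx = (ip, ua)
            if kind == "login_mfa":
                bound = ctx  # a real re-authentication rebinds the session
            elif bound is None:
                findings[sid] = "high"  # cookie in use with no login on record
            elif ctx != bound:
                # The cookie showed up somewhere new without a fresh login.
                overlap = any(ts - seen <= window
                              for c, seen in last_seen.items() if c != ctx)
                new_client = ua != bound[1]
                severity = "high" if (overlap or new_client) else "low"
                if findings.get(sid) != "high":
                    findings[sid] = severity
            last_seen[ctx] = ts
    return findings

if __name__ == "__main__":
    print(find_replayed_sessions(EVENTS))
```

On the sample data, `sess-A` is rated high because a second client presents the cookie while the original browser is still active, while `sess-B` is rated low because only the IP changed hours later, which is also what a roaming user looks like.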