Share access to accounts without sending a username/password

AccessURL is a chrome extension to share account access.

Would you recommend this product?
15 Reviews2.3/5
Finally a useful Chrome extension! ;) Missing one small feature:
Upvote (39)Share
@yefim I should build that!!
Upvote (22)Share
@yefim this is likely to be impossible (at least 100%) sure the link can expire but nothing prevents the receiver from saving the cookies for later :/
Upvote (15)Share
@lasserafn chrome extension could mitm sites using access URLs via webRequest API and then the only way to get the cookies yourself is to use Wireshark or Charles w/ trusted self signed cert, but yeah not 100% solution. The 100% solution is probably a proxy, which has other issues (streaming netflix through a proxy is bad)
@lasserafn @yefim That's right - it is an easy to use tool but you cannot call it secure. Also if the web app you login allows this it is a high chance that it is open to cross site scripting and csrf attacks. Still good job! Looks like you turn a trivial hacking method to something enjoyable, at least for some folks ;)
@fuater @lasserafn @yefim as long as we send it to non-techies I wouldn't see it as a big problem . A really cool idea!
This is pretty sweeeeet
Upvote (18)Share
@jarredsumner Can you tell us about how it works technically?
@bentossell Sure! Websites use cookies to keep you logged in across pages. This just takes the cookies used by the current domain, generates a random password, encrypts those cookies with that random password, and then sends the encrypted cookies without the password off to the server. Then, when another user goes to your access URL, the chrome extension takes the password from the URL (which is what shows up in the #), it decrypts the cookies, and then adds them to Chrome's cookie jar. It'd be way easier honestly to just store all the cookies on the server without this encryption, but a product like this is dangerous without a lot of thought put into security. It's worth the extra effort on my part to do right by users.
Upvote (83)Share
@jarredsumner yeah definitely and I think lots of people will appreciate that. I was asking because of the cookies and security concerns to be honest. Thanks!
@jarredsumner @bentossell Very intresting tool ! im just shocked being conscious of the value of our cookies, and the fact it can be used for Login case .. thanks for your clear explanation !
v. elegant solution & solid product history under @jarredsumner's belt give this man lots of twitter follows+money
@davidryalpug πŸ’°πŸ’°πŸ’°
@jarredsumner did you ever meet that other thiel fellow 'kid' who was working on next-gen holograph/hologram stuff? i helped judge some thiel event in SF and it seemed likely he would get swept up by In-Q-Tel (πŸ’°πŸ’°πŸ’°)
Oooh, this is awesome
@owens Thanks Hunter!
looks like a great idea, built on some solid technology
@_jacksmith Thanks Jack!