> Here are the basic steps of what happens:
> 
> *. Malware runs on user’s machine
> => https://embracethered.com/blog/posts/2020/firefox-cookie-debug-client/ | but others have similar features
> *. Malware connects to the debugging port
> => https://embracethered.com/blog/posts/2020/cookie-crimes-on-mirosoft-edge/ | or remote control the browser
> *. Attacker uses the cookies and gains access to resources
> 
> **Note:** This specific technique via the remote debugging port was originally described as [[https://github.com/defaultnamehere/cookie_crimes | “Cookie Crimes” by @mangopdf]] for Chrome.