Netflix vulnerability - share your account with unlimited people

I'm going to show you how to share your Netflix to unlimited number of your friends. The technique is based on a vulnerability which will be explained. You should know that this vulnerability is known by Netflix, and they say they won’t fix it.

Popularization of the vulnerability

Let’s not enter into tech details here, and please leave a comment if you want me to write a tech-oriented article on this topic.

When you login to Netflix for the first time it asks for your username and password, so far so good. The next day you decide to go back to Netflix, and boom !! magic, you don’t have to provide anything this time. You are already logged in! Something, somewhere, remembers. Well, this is your browser which stores a piece of information, a cookie 🍪. Here is basically what happens:

• You login to Netflix - for the first time
• Netflix generates a cookie that identifies you
• Your browser store it
• Go back to Netflix later on
• Your browser sends the cookie
• Netflix says “ok”, I already know you

How annoying would it be to login each time you go on a website, isn’t it?

Imagine you come back six month later on Netflix, and this time it asks for your information. What !? Don’t panic! this is normal, cookies have a limited timespan. After some time cookies are invalidated.

Cool story, but where is the hack?

Hum, this is very simple. A cookie is a piece of information stored in your browser. What if you give it to a friend? The answer is, your friend would have access too.

Wait a minute! What about my password? If I don’t give my password he won’t have access, isn’t?

I can assure he will. Indeed, the cookie will tell Netflix you are already logged in, as it did for you.

Can we watch Netflix at the same time?

Yes, as crazy it sounds, from Netflix point of view you we will be seen as ONE SINGLE account.

Doesn’t seems really secure?

Well, sharing cookies is not secure at all. Imagine, you share cookies of your banking website, one can access your accounts without even needed your password. Damm !!!
Be caution, don’t share cookies of any websites and in clear emails, or message apps. You may trust your friend, but if someone intercepts your cookie (free wifi in a café), that could be dangerous.

Don’t worry, be happy

If you decide to share cookies, then just encrypt them. That’s it. We will see how later.

Free Netflix cookies all over the internet

With a little effort, you can find dozens of websites giving away free Netflix cookies. Except that these websites are really not the kind of trustworthy websites. Also, the cookies are most likely invalidated (a guy logged out) or expired. Even worse, the cookies could have been stolen.

I think you got the point. Try to avoid these sites.

Is all of this legal?

First of all, it does not seem right! Despite this, I am not sure if there is a law against sharing cookies with someone. Also, Netflix knows about it. But, many things might depend on your country, or your usage, law is complex and I don’t want to misinterpret things. Please do your own research.

Disclaimer

Anyway, I do not encourage anyone to do it. Also, I am not responsible for whatever usage you do of it.

The real goal of this article

First, it's meant to bring on the table “the cookie topic” to non-techies using a catchy story. Cookies is a big topic, especially in the advertising world (future blog posts coming). Don’t tell me you have never seen a cookie popup?
Second, to protect yourself. Since, this technique is becoming more and more popular it is better to be aware of the dangers. Basically, don’t share cookies with people you don’t know, especially in insecure manner.

Share your Netflix cookies securely (Chrome and Brave)

In this part, we will see how to share your account securely by sharing your cookies with someone else. This is quite simple thanks to a Chrome extension called “ShareAccount”. Here is the link to install it
https://chrome.google.com/webstore/detail/shareaccount/glifngepkcmfolnojchcfiinmjgeablm
It is the one with this icon:

Let’s see how it works. In this scenario you want to share your Netflix cookies with a friend of you.

• Both of you have installed the extension
• Your friend
  • Clicks on the extension
  • Clicks on “RECEIVE ACCOUNT”
  • Copy the code
  • Sends the code to you, let’s say by email.
• You
  • Go on Netflix
  • Click on the extension
  • Click on “SHARE ACCOUNT”
  • Past your friend’s code
  • Click ”Share“
  • Copy the “Share result” (make sure you copy the entire text!!!)
  • Send the copy result to your friend (to be more secure send it by another mean that email)
• Your friend
  • Clicks on the extension
  • Clicks on “RECEIVE ACCOUNT”
  • And past the result
  • Click on “RECEIVE”

Your friend will be automatically redirected to Netflix. If he doesn’t:

• He was redirected to another site: then you sent him the cookies of another website.
• An error appear
  • You didn’t copy/past the entire cookie
  • The code is not correct

In any case re-do the steps and it should work.

I made a mistake and I don’t want my friend to access the account anymore?

No worries, logout of Netflix and the cookies will be invalidated. In the same way, your friend shouldn’t logout, otherwise he will automatically lose access.

Don’t forget to thank people

If the extension works give the author a 5 stars rating. I don’t know him, but he did a great job, gave it for free, and even better the code is open source. I would also enjoy a vote and a comment ;).