Let’s assume the cookie data we want to store is “bcde”. Evercookie then accesses the following URLs in the background:
These URLs are now stored in the browser’s history. When checking for a cookie, Evercookie loops through all the possible characters on google.com/Evercookie/cache/, starting with “a” and moving up, but only for a single character.
Once it sees a URL that was accessed because it’s in the browser’s history, it attempts to brute force the next letter. This process occurs extremely fast because no requests are made to the server in question. Evercookie knows it has reached the end of the string as soon as it finds a URL that ends in “-”.