Taking advantage of the way WebView2 accepts JavaScript, mrd0x was also able to steal any cookies sent by the remote server after a user logs in, including authentication codes.