EvilZone

Hacking and Security => Hacking and Security => : z3ro July 27, 2012, 10:59:57 AM

: Cookie Stealing
: z3ro July 27, 2012, 10:59:57 AM: Is there a way to steal HttpOnly cookies??
: Re: Cookie Stealing
: Phage July 27, 2012, 12:31:45 PM: I'm not quite sure what you are meaning with "http only cookies". From my point of view it's the same as any other regular cookie.
: Re: Cookie Stealing
: z3ro July 27, 2012, 12:45:30 PM: : Narraz July 27, 2012, 12:31:45 PM
I'm not quite sure what you are meaning with "http only cookies". From my point of view it's the same as any other regular cookie.

seriously! :o yu dn't know what's an httpOnly cookie?

The HttpOnly attribute directs browsers to use cookies via the HTTP protocol only. An HttpOnly cookie is not accessible via non-HTTP methods, such as calls via JavaScript ("document.cookie"), and therefore cannot be stolen easily via xss...
: Re: Cookie Stealing
: Kulverstukas July 27, 2012, 01:31:38 PM: It's a regular cookie, but accessed only from HTTP. You can still steal it like any other cookie via sniffing the traffic.
: Re: Cookie Stealing
: z3ro July 27, 2012, 01:36:10 PM: : Kulverstukas July 27, 2012, 01:31:38 PM
It's a regular cookie, but accessed only from HTTP. You can still steal it like any other cookie via sniffing the traffic.

sniffing the traffig>> OK..
But what about outsite network??
: Re: Cookie Stealing
: Phage July 27, 2012, 05:58:01 PM: Ok kulverstukas that was also what i was thinking.