Author Topic: Cookie Stealing (Read 1746 times)

z3ro · « **on:** July 27, 2012, 10:59:57 am »

Is there a way to steal HttpOnly cookies??

Phage · « **Reply #1 on:** July 27, 2012, 12:31:45 pm »

I'm not quite sure what you are meaning with "http only cookies". From my point of view it's the same as any other regular cookie.

z3ro · « **Reply #2 on:** July 27, 2012, 12:45:30 pm »

Quote from: Narraz on July 27, 2012, 12:31:45 pm

I'm not quite sure what you are meaning with "http only cookies". From my point of view it's the same as any other regular cookie.

seriously!

yu dn't know what's an httpOnly cookie?

The HttpOnly attribute directs browsers to use cookies via the HTTP protocol only. An HttpOnly cookie is not accessible via non-HTTP methods, such as calls via JavaScript ("document.cookie"), and therefore cannot be stolen easily via xss...

Kulverstukas · « **Reply #3 on:** July 27, 2012, 01:31:38 pm »

It's a regular cookie, but accessed only from HTTP. You can still steal it like any other cookie via sniffing the traffic.

z3ro · « **Reply #4 on:** July 27, 2012, 01:36:10 pm »

Quote from: Kulverstukas on July 27, 2012, 01:31:38 pm

It's a regular cookie, but accessed only from HTTP. You can still steal it like any other cookie via sniffing the traffic.

sniffing the traffig>> OK..
But what about outsite network??

Phage · « **Reply #5 on:** July 27, 2012, 05:58:01 pm »

Ok kulverstukas that was also what i was thinking.

EvilZone

News:

Author Topic: Cookie Stealing (Read 1746 times)

z3ro

Cookie Stealing

Phage

Re: Cookie Stealing

z3ro

Re: Cookie Stealing

Kulverstukas

Re: Cookie Stealing

z3ro

Re: Cookie Stealing

Phage

Re: Cookie Stealing