Ask Your Question
0

Is it possible to infer advanced cookie properties like expiration from Wireshark

asked 2019-07-06 18:47:55 +0000

anon gravatar image

I want to perform a cookie injection attack for demonstration purposes.

I could achieve this using Firefox Cookie-Editor extension. However, the attack can only succeed if I enter the cookie name, value and advanced parameters like the expiration date and check the boxes whether the cookie is httponly, Secure, hostonly, Session.

I could not extract the advanced properties from Wireshark. I can only see the cookie name and value.

Any idea how to extract cookies advanced properties using Wireshark?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-07-07 09:19:28 +0000

SYN-bit gravatar image

The advanced properties you are referring to are only sent by the server in the set_cookie header. They restrict the use of the cookie by date, protocol, etc. This means the client knows when it needs to send the cookie and more importantly when it should not send the cookie.

When you use the cookie-editor to change these advanced parameters, you overrule the settings that the application has send and therefor change whether or not Firefox should send the cookie when doing a new request. It will not send the advanced parameters to the server as it only uses the advanced parameters to determine when to send the cookie and when not to internally.

Wireshark will however show the advanced parameters sent by the server in the set_cookie header and you can filter on them. Here is an example:

http.set_cookie contains "domain=example.com"
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-07-06 18:47:55 +0000

Seen: 1,674 times

Last updated: Jul 07 '19

Related questions

Why I can not find my clear text login credentials in Wireshark traffic

why wireshark is not showing http or https packets in the view?

How to capture HTTPS traffic with v3.0.2?

Display filter for TLS versions in tshark and saving to a new file.

Intercept HTTP requests / responses and add custom header

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

http request and response clarification!

How to plot HTTP requests/sec graph?

why protocol is not showing as HTTP even though we sent http request ?

How can I get https to show in Wireshark?