Ask Your Question

Is it possible to infer advanced cookie properties like expiration from Wireshark

asked 2019-07-06 18:47:55 +0000

anon gravatar image

I want to perform a cookie injection attack for demonstration purposes.

I could achieve this using Firefox Cookie-Editor extension. However, the attack can only succeed if I enter the cookie name, value and advanced parameters like the expiration date and check the boxes whether the cookie is httponly, Secure, hostonly, Session.

I could not extract the advanced properties from Wireshark. I can only see the cookie name and value.

Any idea how to extract cookies advanced properties using Wireshark?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2019-07-07 09:19:28 +0000

SYN-bit gravatar image

The advanced properties you are referring to are only sent by the server in the set_cookie header. They restrict the use of the cookie by date, protocol, etc. This means the client knows when it needs to send the cookie and more importantly when it should not send the cookie.

When you use the cookie-editor to change these advanced parameters, you overrule the settings that the application has send and therefor change whether or not Firefox should send the cookie when doing a new request. It will not send the advanced parameters to the server as it only uses the advanced parameters to determine when to send the cookie and when not to internally.

Wireshark will however show the advanced parameters sent by the server in the set_cookie header and you can filter on them. Here is an example:

http.set_cookie contains ""
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-07-06 18:47:55 +0000

Seen: 1,369 times

Last updated: Jul 07 '19