killchain-compendium/Exploits/Web/Cookie Tampering.md

# Cookie Tampering

## Components

* Separator is `;`
* Name
* Value
* Domain
* Path
* Expires/Maxage
* Size
* HttpOnly, no access by client side scripts
* Secure, HTTPs only
* SameSite, cookie sent through cross-site request
* SameParty, firt party requests only
* Priority

## Response
* May look like this
```sh
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# Cookie Tampering`

			`## Components`

			* Separator is `;`
			`* Name`
			`* Value`
			`* Domain`
			`* Path`
			`* Expires/Maxage`
			`* Size`
			`* HttpOnly, no access by client side scripts`
			`* Secure, HTTPs only`
			`* SameSite, cookie sent through cross-site request`
			`* SameParty, firt party requests only`
			`* Priority`

			`## Response`
			`* May look like this`
			```sh
			`Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly`
			```