killchain-compendium/Exploits/Web/Cookie Tampering.md

# Cookie Tampering
## Components
* Separator is `;`
* Name
* Value
* Domain
* Path
* Expires/Max-Age
* Size
* HttpOnly, no access by client side scripts
* Secure, HTTPS only
* SameSite, controls whether the cookie is sent with cross-site requests
* SameParty, first party requests only
* Priority
## Response
* May look like this:
```http
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
```
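
A header like the one above can be checked against the component list. The following is an added example, not part of the original notes: it parses a `Set-Cookie` header and reports missing or risky attributes. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit a Set-Cookie header against the attributes listed above.

def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("expected <cookie-name>=<cookie-value> first")
    name, value = parts[0].split("=", 1)
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header):
    """Return a list of findings for missing or risky attributes."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("Secure missing: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: client-side scripts can read it")
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("SameSite missing: the browser default applies")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    if "domain" in attrs:
        findings.append("Domain set: cookie is also sent to subdomains")
    return findings


# Constructed sample headers (not taken from a real application).
TEMPLATE = "Set-Cookie: session=abc123; Domain=example.com; Secure; HttpOnly"
WEAK = "Set-Cookie: session=abc123; Path=/; SameSite=None"
HARDENED = "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for hdr in (TEMPLATE, WEAK, HARDENED):
        print(hdr)
        for finding in audit_cookie(hdr) or ["no findings"]:
            print("  -", finding)
```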