do you know of any way to get access to HttpOnly cookies using javascript. I know that the point of those cookies is that you won't be able to get them this way (for security reasons). But still, is there absolutely now way to achieve this? Hasn't some hacker around the world found a way to achieve this? I really need to get those cookies through javascript (not any other means). If you know how, it would be very helpful. Thank you.
Asked
Active
Viewed 9,547 times
4 Answers
3
No, if there were a way, it would be browser-specific, and probably be patched really soon. What you're looking for is a security hole, and won't last long once it's been discovered.
WhyNotHugo
- 9,423
- 6
- 62
- 70
2
From javascript only the encrypted version of the HttpOnly-cookies are available, and since the key is generated uniquely for each computer, the cookies cannot be used (unless cracked) on other computers.
totten
- 2,769
- 3
- 27
- 41
0
Its possible through applet or npapi plugin
Request the server for a connection,it will response with httpOnly cookie
Pass it to JavaScript from applet
Its a security hole that's why chrome and Firefox going to stop npapi support
krishnakumar sekar
- 645
- 6
- 9
-3
I found a way to access an HTML-only cookie. Get the EditTThisCookie extension, then open the page you want. Click on the extension at the top (aka cookie) look for the cookie you want, click on it, then un-check the http only button, it is now accessible by document.cookie.
-
1This is not a good answer w.r.t. what the asker wants to achieve. If the asker plans to implement this on a hosted website, every visitor can't be expected to _uncheck the http only button_. The correct answer is that there is no way because that would be a security flaw. – Jayant Bhawal Nov 27 '17 at 14:56