Are there any ways like online tools or browser extensions to find all the cookies used on a website? I already know we can get all the cookies on each page but I want to know if I can get this done for the whole website. What I am basically looking for is to get the list of all the cookies used and give the customer the ability to choose which cookies can be stored.
Use chrome.cookies API. – wOxxOm Jan 28 '20 at 12:58
1 Answer
You'll only get to know about cookies on each page you visit - every page will see a cookie with a / path, but cookies using other paths won't show up until you visit the pages they correspond to. e.g. say you have an editor that saves preferences in a cookie when you visit /edit, you can't tell that cookie exists until you visit that path. So that means you do indeed need to scan every page.
One way to do that is to use a tool like nikto. By default, nikto performs a very thorough and invasive scan of a server (so you should only use it on your own servers or with explicit permission in that mode), but you can limit what it does, which also makes it much faster and less aggressive:
nikto -Display 2 -Plugins cookies -host stackoverflow.com
-Display 2 means "only display cookies", -Plugins cookies means "only perform a cookie scan". This produces a list of cookies set on every path that nikto finds:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ / sent cookie: prov=3968c6ce-2180-aff2-8e0e-ed7591b64a77; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ / sent cookie: prov=9c9ba76f-6571-425b-1199-393f2f5f88fd; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ Target IP: 151.101.193.69
+ Target Hostname: stackoverflow.com
+ Target Port: 80
+ Start Time: 2020-01-28 09:11:57 (GMT1)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ / sent cookie: prov=8408954e-060f-bf74-174b-6f2c5f400da8; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ Root page / redirects to: https://stackoverflow.com/
+ /bWqYtKqo.htm sent cookie: prov=dd9d867b-000c-c538-dd61-6c2dac87137c; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /bWqYtKqo.mediawiki sent cookie: prov=4ca68e7b-fbfd-1513-0ba0-46bf8ff7859e; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /bWqYtKqo.csp sent cookie: prov=87cf9cdf-ee98-8092-0f6f-5839f6c8208a; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /bWqYtKqo.pl sent cookie: prov=c61a9f98-1bed-e4c1-4f17-09d0ecded9fd; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /bWqYtKqo.asp sent cookie: prov=43daff48-2158-85c2-2871-d60d787d8c33; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
...
You can choose different output formats via the -Format option, including machine-readable ones suitable for scripting, like CSV.

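Added example, not part of the original answer: a Python sketch that turns the "sent cookie" lines of the nikto text output shown above into a de-duplicated cookie inventory (one entry per cookie name, with its attributes and the paths that set it), which is the list a consent dialog needs. The function names and the `/edit` sample line with its `editor_prefs` cookie are assumptions made for illustration.

```python
import re

# The two "prov" lines are copied from the nikto output above; the /edit line
# is constructed (hypothetical cookie name) to show a path-scoped cookie.
SAMPLE = """\
+ Target Port: 80
+ / sent cookie: prov=8408954e-060f-bf74-174b-6f2c5f400da8; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /bWqYtKqo.asp sent cookie: prov=43daff48-2158-85c2-2871-d60d787d8c33; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
+ /edit sent cookie: editor_prefs=dark; path=/edit
"""

# "+ <requested URL> sent cookie: <Set-Cookie value>"
LINE_RE = re.compile(r"^\+ (?P<url>\S+) sent cookie: (?P<cookie>.+)$")


def parse_cookie(raw):
    """Split a Set-Cookie style string into (name, lower-cased attributes)."""
    first, *rest = [p.strip() for p in raw.split(";") if p.strip()]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() or True  # flags have no value
    return first.split("=", 1)[0], attrs


def inventory(report):
    """Map each cookie name to its attributes and every URL that set it."""
    found = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, target info, redirect notices
        name, attrs = parse_cookie(m["cookie"])
        # Key on the name only: the value changes on every request.
        entry = found.setdefault(name, {
            "domain": attrs.get("domain"),  # None means host-only cookie
            "path": attrs.get("path"),      # None means browser default path
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "persistent": "expires" in attrs or "max-age" in attrs,
            "seen_on": [],
        })
        if m["url"] not in entry["seen_on"]:
            entry["seen_on"].append(m["url"])
    return found


if __name__ == "__main__":
    for name, info in sorted(inventory(SAMPLE).items()):
        print(name, info)
```

A scan like this only sees cookies set by the server in HTTP responses; cookies created by JavaScript in the browser will not appear in it.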