Cookies Attributes

Check List

Methodology

Black Box

Insecure Cookie Exposure

1

Log in as a normal user

2

Open DevTools then go to Console

3

Type document.cookie

4

Look for any authentication-related cookies ( accessToken, session, refreshToken)

5

Open DevTools, Application, Storage, Cookies to check attributes like

  • HttpOnly

  • Secure

  • Expiration date

White Box

Cheat Sheet

PreviousSession Management SchemaNextSession Fixation

Last updated