October 2016
Beginner to intermediate
650 pages
14h 43m
English
The next topic of interest from the HTTP protocol is cookies. As HTTP is a stateless protocol, cookies provide a way to store persistent data on the client side. This allows a web server to have session management by persisting data to the cookie for the length of the session.
Cookies are set from the web server in the HTTP response using a Set-Cookie header. They are then sent back to the server through the Cookie header. This recipe will look at ways to audit the cookies being set by a website to verify if they have secure attributes or not.
The following is a recipe to enumerate through each of the cookies set on a target site and flag any insecure settings that are present:
import requests req = ...
Read now
Unlock full access