Wednesday, 2 July 2014



Greetings gentlemen, I'm here to give a simple and understandable explanation of the HttpOnly flag. This technique was first used by the Microsoft IE developers in IE 6 on Windows XP SP1.

HttpOnly

HttpOnly is an additional flag in the HTTP response header named Set-Cookie. Using this HttpOnly flag helps in mitigating client-side and server-side attacks.

Syntax:
 
Set-Cookie: name=UrduSecurity; Max-Age=600; expires=01/04/2014; domain=urdusecurity.blogspot.com; path=/; secure; HttpOnly

Why HttpOnly


If the HttpOnly flag is included in the HTTP (hypertext transfer protocol) response header, the cookie can't be accessed through client-side script. As a result, even if a cross-site scripting flaw exists and a user accidentally accesses a link that exploits this flaw, the browser will not show the cookie to a third party.

When we visit a web page and we are not able to see the 'Set-Cookie' header with the 'HttpOnly' flag in the response, be sure that the website is not protecting its cookies, because they can be stolen easily.

Setting HttpOnly Cookies

PHP => add this to php.ini:
session.cookie_httponly = True
Python (CherryPy) => add this to the config file:
tools.sessions.httponly = True
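To check whether a site actually sends the flags described above (and whether the config change took effect), here is an added example that is not part of the original post: a small Set-Cookie parser and an audit that lists, per cookie, which of the HttpOnly and Secure flags is missing. The sample headers are constructed, not captured from any real site.

```python
"""Audit Set-Cookie response headers for the HttpOnly and Secure flags."""
from dataclasses import dataclass, field


@dataclass
class ParsedCookie:
    name: str
    value: str
    # lower-cased attribute name -> value, or True for bare flags like HttpOnly
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> ParsedCookie:
    """Parse one Set-Cookie header (with or without the 'Set-Cookie:' prefix)."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = ParsedCookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        # Attribute names are case-insensitive, so 'secure' and 'Secure' match.
        cookie.attributes[key.strip().lower()] = val.strip() if has_value else True
    return cookie


def missing_flags(cookie: ParsedCookie) -> list:
    """Return the protective flags this cookie lacks, in a stable order."""
    return [f for f in ("httponly", "secure") if f not in cookie.attributes]


def audit(headers: list) -> dict:
    """Map each cookie name to the list of flags it is missing (empty = ok)."""
    return {c.name: missing_flags(c) for c in map(parse_set_cookie, headers)}


# Constructed sample headers for demonstration only.
SAMPLE_HEADERS = [
    "name=UrduSecurity; Max-Age=600; Domain=example.com; Path=/; Secure; HttpOnly",
    "Set-Cookie: PHPSESSID=abc123; Path=/",
    "theme=dark; Path=/; Secure",
]

if __name__ == "__main__":
    for cookie_name, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie_name}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```

A session cookie such as PHPSESSID showing up as missing httponly is exactly the case the config lines above are meant to fix.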

Hope you guys enjoyed reading this tutorial; it's not explained in depth, but it's noob-friendly so that everyone can understand. Soon I'll post how we can access HttpOnly cookies also.

    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity