Wednesday 2 July 2014



Greetings gentlemen, I'm here to give a simple and understandable explanation of the HttpOnly flag. This technique was first used by the MS-IE developers in IE-6 with the XP-SP1 version.

HttpOnly

HttpOnly is an additional flag in the HTTP response header named Set-Cookie. Using this HttpOnly flag helps in mitigating client-side and server-side attacks.

Syntax:
 
Set-Cookie: name=UrduSecurity; Max-Age=600; expires=01/04/2014; domain=urdusecurity.blogspot.com; path=/; secure; HttpOnly

Why HttpOnly


When the HttpOnly flag is added to the 'hypertext transfer protocol' (HTTP) response header, the cookie cannot be accessed through client-side script. As a result, even if a cross-site scripting flaw exists and a user accidentally follows a link that exploits it, the browser will not reveal the cookie to a third party.

When we visit a web page and cannot see a 'Set-Cookie' header carrying the 'HttpOnly' flag in the response, be sure that the website is not protecting its cookies, because they can be stolen easily.

Setting HttpOnly Cookies

PHP => add this to php.ini:
session.cookie_httponly = True

Python (CherryPy) => add this to the config file (the CherryPy sessions tool uses its own key, not the PHP directive):
tools.sessions.httponly = True
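The two points above, checking a response for Set-Cookie headers that lack HttpOnly and emitting a cookie that carries the flag, as an added Python example that is not part of the original post. The response headers in SAMPLE_RESPONSE_HEADERS are constructed for illustration (one of them is the Syntax line from this post); the cookie builder uses only the standard library's http.cookies.SimpleCookie.

```python
"""Audit Set-Cookie headers for the HttpOnly (and Secure) flag, and build
a hardened Set-Cookie value with the standard library.

Added example, not code from the original post. The sample headers are
constructed; the Set-Cookie line matching the post's Syntax section is
copied from the post.
"""
from http.cookies import SimpleCookie

# Constructed sample of what a server's response headers might contain.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "tracking=xyz; Max-Age=600; domain=example.com; path=/"),
    ("Set-Cookie", "prefs=dark; path=/; secure"),
    # The post's own Syntax example: both flags present.
    ("Set-Cookie", "name=UrduSecurity; Max-Age=600; expires=01/04/2014; "
                   "domain=urdusecurity.blogspot.com; path=/; secure; HttpOnly"),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased because browsers match them
    case-insensitively ("HttpOnly", "httponly" and "HTTPONLY" are equal).
    Flag attributes without a value (Secure, HttpOnly) map to "".
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:          # tolerate a trailing ';'
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookies(headers):
    """Return {cookie_name: [missing flags]} for every Set-Cookie header.

    An empty list means the cookie carries both HttpOnly and Secure.
    """
    findings = {}
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if "secure" not in attrs:
            missing.append("Secure")
        findings[name] = missing
    return findings


def build_session_cookie(name, value, max_age=600):
    """Build a Set-Cookie header value that carries HttpOnly and Secure.

    SimpleCookie writes the flags as 'HttpOnly' and 'Secure'; attributes
    are emitted in sorted order, so the result is deterministic.
    """
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["max-age"] = max_age
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    return jar[name].OutputString()


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_RESPONSE_HEADERS).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
    print("hardened header:", build_session_cookie("session", "abc"))
```

Running the block reports PHPSESSID as missing Secure, tracking as missing both flags, prefs as missing HttpOnly, and the post's own cookie as OK; the hardened header it builds passes the same audit.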

Hope you guys enjoyed reading this tutorial. It is not explained in depth, but it is noob friendly so that everyone can understand. Soon I'll also post how we can access HttpOnly cookies.

What & Why HttpOnly Flag

  • Uploaded by: Adeel Chaudhary


     
    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity