堆栈内存溢出
  简体   繁体   English

用javascript获取HttpOnly cookie

[英]Get HttpOnly cookies with javascript

 原文  2012-07-21 22:59:31       javascript/ cookies/ httponly

问题描述

do you know of any way to get access to HttpOnly cookies using javascript. 你知道怎么用javascript访问HttpOnly cookies I know that the point of those cookies is that you won't be able to get them this way (for security reasons). 我知道这些cookie的重点在于你无法以这种方式获取它们(出于安全考虑)。 But still, is there absolutely now way to achieve this? 但是,现在绝对有办法实现这一目标吗? Hasn't some hacker around the world found a way to achieve this? 世界上没有一些黑客找到了实现这个目标的方法吗? I really need to get those cookies through javascript (not any other means). 我真的需要通过javascript(而不是任何其他方式)获取这些cookie。 If you know how, it would be very helpful. 如果你知道怎么做,那将非常有帮助。 Thank you. 谢谢。

5 个解决方案

解决方案1
 1  2012-07-21 23:12:57

从javascript只有HttpOnly-cookies的加密版本可用,并且由于密钥是为每台计算机唯一生成的,因此不能在其他计算机上使用cookie(除非破解)。

解决方案2
 1  2012-07-21 23:25:07

No, if there were a way, it would be browser-specific, and probably be patched really soon. 不,如果有办法,它将是浏览器特定的,并且可能很快就会修补。 What you're looking for is a security hole, and won't last long once it's been discovered. 您正在寻找的是一个安全漏洞,一旦发现它就不会持久。

解决方案3
 0  2015-12-29 21:51:12

Its possible through applet or npapi plugin 它可以通过applet或npapi插件实现

Request the server for a connection,it will response with httpOnly cookie 请求服务器进行连接,它将使用httpOnly cookie进行响应

Pass it to JavaScript from applet 从applet传递给JavaScript

Its a security hole that's why chrome and Firefox going to stop npapi support 这是一个安全漏洞,这就是为什么chrome和Firefox会停止npapi的支持

解决方案4
 0  2017-03-05 17:56:29

I found a way to access an HTML-only cookie. 我找到了一种访问HTML-only cookie的方法。 Get the EditTThisCookie extension, then open the page you want. 获取EditTThisCookie扩展名,然后打开所需的页面。 Click on the extension at the top (aka cookie) look for the cookie you want, click on it, then un-check the http only button, it is now accessible by document.cookie . 单击顶部的扩展名(aka cookie)查找所需的cookie,单击它,然后取消选中仅http按钮,现在可以通过document.cookie访问它。

解决方案5
 0  2018-08-18 06:58:38

This is impossible to access HttpOnly cookies by javascript, but if you can remove HttpOnly flag from a cookie by an extension then the cookie will be accessible by javascript. 这是不可能通过javascript访问HttpOnly cookie,但如果你可以通过扩展从cookie中删除HttpOnly标志,那么cookie将可以通过javascript访问。

You can use EditTThisCookie extension as said by @Pipcit404, you should find your target cookie then change the HttpOnly to unchecked and apply it like bellow image: 你可以使用@ Pipcit404所说的EditTThisCookie扩展,你应该找到你的目标cookie,然后将HttpOnly更改为未选中,并将其应用于下图:

在此输入图像描述

It's a trick for testing by a developer who want to access the cookies in the developer tools and it is not a solution for end users. 这是一个想要在开发人员工具中访问cookie的开发人员进行测试的技巧,但它不是最终用户的解决方案。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 javascript Chrome扩展程序无法读取httponly Cookie - javascript Chrome Extension Not able to read httponly cookies 如何使用 JavaScript 读取 HttpOnly cookies? - how to read HttpOnly cookies using JavaScript? 如何获取 httpOnly(安全)cookie TestCafe? - How to get httpOnly (secure) cookies TestCafe? HttpOnly cookies 如何与 Javascript 和身份验证代理一起使用? - How do HttpOnly cookies work with Javascript and authentication proxies? 使用Ajax从JavaScript访问安全Cookie和仅HTTP Cookie时出现问题 - Problems using ajax to access secure and httponly cookies from javascript 如何使用 Javascript 在浏览器中读取 httponly 和安全 cookie? - How can I read httponly and secure cookies in the browser with Javascript? 如何从 cookies 获取使用“httpOnly: true”发送的数据? - How to get data from cookies that were sent with “httpOnly: true”? 删除 httpOnly cookies - 快递 - Delete httpOnly cookies - Express 使用httpOnly cookie进行设备注册 - Using httpOnly cookies for device registration HttpOnly Cookies 在 Web 检查器中找不到 - HttpOnly Cookies not found in Web Inspector
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM