How to get httpOnly cookies from android.webkit.CookieManager
Question
I need to know whether a cookie in the webkit browser is httpOnly or not. Using the method getCookie(URL) only return a String with the cookies name and values.
I can get it from java.net.CookieManager easily, but I have no idea if it is possible to convert android.webkit.CookieManager to java.net.CookieManager.
Update 1 I gave up trying do that. My guess is that what I want to do is impossible. I tried to Override the shouldInterceptRequest method to open a new connection using HttpUrlConnection and return a new WebResourceResponse with the ImputStream returned from HttpUrlConnection but, seems that the webview doesn't accept javascript after a call come from shouldInterceptRequest. :-(
2 answers
solution1
1 2017-02-10 16:55:41
This can be done via reflection, eg:
CookieManager cookieManager = CookieManager.getInstance();
Field mChromeCookieManager = cookieManager.getClass().getDeclaredField("mChromeCookieManager");
mChromeCookieManager.setAccessible(true);
Object awCookieManager = mChromeCookieManager.get(cookieManager);
Method getCookie = awCookieManager.getClass().getDeclaredMethod("nativeGetCookie", String.class);
getCookie.setAccessible(true);
Object cookie = getCookie.invoke(awCookieManager, url);
(Tested on Android 5.1.1)
solution2
-1 2017-08-13 20:50:45
To isolate http-cookies, Inject document.cookie into the page it should return all non-http cookies to the JS interface callback. Then get the result of the CookieManager call. The extra cookies in the set are most likely httponly. Simple string work or a hash should do the trick! Works on Android 6 and 7 for me.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.