Is it possible to infer advanced cookie properties like expiration from Wireshark

Question

I want to perform a cookie injection attack for demonstration purposes.

I could achieve this using Firefox Cookie-Editor extension. However, the attack can only succeed if I enter the cookie name, value and advanced parameters like the expiration date and check the boxes whether the cookie is httponly, Secure, hostonly, Session.

I could not extract the advanced properties from Wireshark. I can only see the cookie name and value.

Any idea how to extract cookies advanced properties using Wireshark?

score 0 · Accepted Answer · answered Jul 06 '19 at 19:20

The properties of a cookie are set by the server in the Set-Cookie field of the HTTP response header, or cookies including their properties can be set using JavaScript. In the Cookie field of the HTTP request header one can only see the value of the cookie, not its attributes.

This means to find out the properties of a cookie you have to either look at the HTTP response which has set the cookie, which might be a while (or even long ago) before the HTTP request using this cookie is send. Or you have to study all the JavaScript which got ever include into the HTML of the site (i.e. even third party JavaScript) to find out if some cookie was ever set this way and with which attributes. Again, the cookie might have been set long ago.

Is it possible to infer advanced cookie properties like expiration from Wireshark

1 Answers1