Dman 0 Posted September 1, 2014 Report Share Posted September 1, 2014 Hey Everyone, Having some major issues storing the facebook remember me cookie. define GetCookieFB { set(#FBcookie, $eval("document.cookie;"), "Global") alert(#FBcookie) } However when doing this it seems to be missing quite a few key value pairs when compared to firebug. if you load the cookie back in using js and splitting on the ; it will fail to be logged in. It seems that you need the key xs but this is not transmitted in document.cookie. Any help would be appreciated. Quote Link to post Share on other sites
Dman 0 Posted September 2, 2014 Author Report Share Posted September 2, 2014 Cant seem to figure it out, I have tried everything but the xs cookie keyname does not show up in ubot whatsoever. Quote Link to post Share on other sites
blumi40 222 Posted September 3, 2014 Report Share Posted September 3, 2014 have a look at here, maybe that helps you to understand why some vars are not aviable for jshttps://www.owasp.org/index.php/Http Quote Link to post Share on other sites
arunner26 51 Posted September 4, 2014 Report Share Posted September 4, 2014 blumi40, I didn't see any text on your link. Andy (Arunner26) Quote Link to post Share on other sites
blumi40 222 Posted September 4, 2014 Report Share Posted September 4, 2014 sorry lol there is a new function with cookies called httponlywhich means u cant scrape this information with js try google to find out more about Quote Link to post Share on other sites
LoWrIdErTJ - BotGuru 904 Posted September 4, 2014 Report Share Posted September 4, 2014 Good info on HttpOnly cookies (apache, web server, and public cookies)http://www.natexim.com/how-to-bypass-httponly/ Purpose of HttpOnly cookies is to help prevent xss and other attacks or changing of cookie data Quote Link to post Share on other sites
Dman 0 Posted September 5, 2014 Author Report Share Posted September 5, 2014 With ubot we should be able to get and store the cookies since they are actually being set inside ubot, we just have no js access to them. Would be great if we could figure out a plugin or something to store this data somehow. Quote Link to post Share on other sites
LoWrIdErTJ - BotGuru 904 Posted September 5, 2014 Report Share Posted September 5, 2014 the problem is the HttpOnly cookies (referanced in another thread here in the forum as well) that are apache, or server only session cookies that cant be pulled with javascript or anything not residing on the server itself. Quote Link to post Share on other sites
Dman 0 Posted September 10, 2014 Author Report Share Posted September 10, 2014 Yes but HttpOnly must be stored on the browser side as well from what I can see using firebug, Ubot must be able to get access to them if they are stored locally it is just a security measure stopping them from being pulled via js from my understanding. Myabe im wrong ? Quote Link to post Share on other sites
brusacco 20 Posted December 29, 2014 Report Share Posted December 29, 2014 http://www.ubotstudio.com/forum/index.php?/topic/11133-store-session-cookies/page-2&do=findComment&comment=105471 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.