do you know of any way to get access to HttpOnly cookies using javascript. I know that the point of those cookies is that you won't be able to get them this way (for security reasons). But still, is there absolutely now way to achieve this? Hasn't some hacker around the world found a way to achieve this? I really need to get those cookies through javascript (not any other means). If you know how, it would be very helpful. Thank you.
do you know of any way to get access to HttpOnly cookies using javascript. I know that the point of those cookies is that you won't be able to get them this way (for security reasons). But still, is there absolutely now way to achieve this? Hasn't some hacker around the world found a way to achieve this? I really need to get those cookies through javascript (not any other means). If you know how, it would be very helpful. Thank you.
Share Improve this question asked Jul 21, 2012 at 22:59 user1094565user1094565 91 gold badge3 silver badges5 bronze badges4 Answers
Reset to default 3No, if there were a way, it would be browser-specific, and probably be patched really soon. What you're looking for is a security hole, and won't last long once it's been discovered.
From javascript only the encrypted version of the HttpOnly-cookies are available, and since the key is generated uniquely for each puter, the cookies cannot be used (unless cracked) on other puters.
Its possible through applet or npapi plugin
Request the server for a connection,it will response with httpOnly cookie
Pass it to JavaScript from applet
Its a security hole that's why chrome and Firefox going to stop npapi support
I found a way to access an HTML-only cookie. Get the EditTThisCookie extension, then open the page you want. Click on the extension at the top (aka cookie) look for the cookie you want, click on it, then un-check the http only button, it is now accessible by document.cookie.