httpOnly cookie

Question

horllste opened this issue 4 years ago · comments

hello, this is a question and not a issue.

i will like to know if there is a way to bypass web app with httpOnly cookie set to true.

thanks

Giuseppe Trotta · Answer 1 · Mon Feb 15 2021 16:47:45 GMT+0800 (China Standard Time)

Yes, use the replacement rules to strip the httpOnly flag when a cookie is set.
https://github.com/muraenateam/muraena/blob/master/config/config.toml#L62