THREATOPS
THREAT OPSThreat News › Stealing HttpOnly cookies with the cookie sandwich technique

Stealing HttpOnly cookies with the cookie sandwich technique

infoportswigger_researchPublished 2025-01-22

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

Original source: https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique