The Vulnerabilities of Missing HttpOnly and Secure Flags, and How to Fix Them

Abinesh M
4 min read · Sep 16, 2023


Hi Heckerss!! 🙋‍♂️

Let’s start the blog directly…

Description:

1. 🌐 HTTP (Hypertext Transfer Protocol):

HTTP (Hypertext Transfer Protocol) is a fundamental protocol used for transmitting data over the internet. It acts as a set of rules and conventions that allow web browsers and web servers to communicate and exchange information. The HttpOnly flag, when set for a cookie, tells the browser not to expose that cookie to JavaScript.

2. 🔒 Secure:

The “Secure” flag, when set for a cookie, ensures that the cookie is only sent over secure, encrypted connections using HTTPS, making it more resistant to interception and enhancing web application security.

Impact:

  1. 🕵️‍♂️ Data Interception
  2. 🕵️‍♂️ Man-in-the-Middle (MitM) Attacks
  3. 🚷 Session Hijacking
  4. 🍪 Cookie Theft
  5. 🌐 Cross-Site Scripting (XSS) Attacks

Without HTTPS and the Secure flag, cookies and sensitive data are transmitted over unencrypted connections, where they can be intercepted. Cookies are also prime targets for XSS attacks: attackers can inject malicious scripts into web pages, compromising user data and potentially taking control of accounts. When the HttpOnly flag is absent, an injected script can read cookies containing session information, which makes cookie theft through XSS easier.

I think the theory is too boring 🥲

Let’s start with the practical one 😉

First, we have to understand what will happen without the HttpOnly and Secure flags.

Now implement both the HttpOnly and Secure flags in the cookie:

setcookie("username", $userInput, time() + 3600, "/", "", false, false);
  1. 🏷️ "username": This is the name of the cookie you're setting. In this case, it's named "username."
  2. 💬 $userInput: This is the value you want to assign to the "username" cookie. It appears that you're using the $userInput variable as the value, which means the value of the cookie will be based on the user's input.
  3. ⏳ time() + 3600: This sets the expiration time for the cookie. In this example, the cookie will expire in 3600 seconds (1 hour) from the current time.
  4. 🌐 "/": The path parameter specifies the scope of the cookie. Here, it's set to "/", meaning the cookie is available for the entire domain.
  5. 🌐 "" (empty string): The domain parameter typically specifies the domain where the cookie is valid. An empty string means it's valid for the current domain.
  6. 🔒 false: The secure parameter determines whether the cookie should only be transmitted over secure HTTPS connections. Here, it's set to false, meaning the cookie can be sent over both HTTP and HTTPS connections.
  7. 🚫 false: The httpOnly parameter controls whether JavaScript is blocked from accessing the cookie. Setting it to false allows JavaScript to access the cookie, which is the default behavior.

Note: 1 and 2 depend on the application.

Set the HttpOnly and Secure flags to TRUE

setcookie("username", $userInput, time() + 3600, "/", "", true, true);
  1. 🔒 true: The secure parameter determines whether the cookie should only be transmitted over secure HTTPS connections. Here, it's set to true, meaning the cookie will only be sent over HTTPS.
  2. 🚫 true: The httpOnly parameter controls whether JavaScript is blocked from accessing the cookie. Setting it to true means JavaScript won't have access to the cookie, enhancing security.

Let's see the response 🙌
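One way to check a response for the two flags is to parse its Set-Cookie headers, shown here as an added example that is not part of the original post. The function names are hypothetical, and the two sample responses are constructed to resemble what the two setcookie() calls above would send.

```python
# Added example: audit Set-Cookie response headers for the Secure and
# HttpOnly attributes. All sample data below is constructed.

REQUIRED = {"secure": "Secure", "httponly": "HttpOnly"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def missing_flags(header_value):
    """Return the protective flags absent from one Set-Cookie value."""
    _, attrs = parse_set_cookie(header_value)
    return [label for key, label in REQUIRED.items() if key not in attrs]


def audit(raw_response_headers):
    """Map cookie name -> missing flags for every Set-Cookie line."""
    findings = {}
    for line in raw_response_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, _ = parse_set_cookie(value)
            findings[name] = missing_flags(value)
    return findings


# Constructed responses modelled on the two setcookie() calls in the post.
WITHOUT_FLAGS = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: username=alice; expires=Sat, 16 Sep 2023 11:00:00 GMT; Max-Age=3600; path=/\r\n"
)
WITH_FLAGS = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: username=alice; expires=Sat, 16 Sep 2023 11:00:00 GMT; Max-Age=3600; path=/; secure; HttpOnly\r\n"
)

if __name__ == "__main__":
    print("flags false:", audit(WITHOUT_FLAGS))
    print("flags true: ", audit(WITH_FLAGS))
```

An empty list for a cookie means both flags are present; any name in the list is a flag the server did not set.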

Okay… will see in the next blog 👋🙋‍♂️.

Happy Hunting….!

Reach out to me if you have any queries 🤝

👔 LinkedIn: Abinesh M

📱 Instagram: Abi_Hecker
