The Vulnerabilities of Missing HttpOnly and Secure Cookie Flags, and How to Fix Them
Hi Hackers!! 🙋♂️
Let's start the blog directly…!
1. 🌐 HTTP (Hypertext Transfer Protocol) and the HttpOnly flag:
HTTP (Hypertext Transfer Protocol) is the fundamental protocol used for transmitting data over the internet. It is the set of rules and conventions that let web browsers and web servers communicate and exchange information. The "HttpOnly" flag, when set for a cookie, tells the browser that the cookie may only be sent in HTTP requests and must not be exposed to client-side scripts, so JavaScript cannot read it through document.cookie.
2. 🔒 Secure:
The "Secure" flag, when set for a cookie, ensures that the browser only sends the cookie over encrypted HTTPS connections, never over plain HTTP, which makes it far more resistant to interception. Without these flags an application is exposed to:
- 🕵️♂️ Data Interception
- 🕵️♂️ Man-in-the-Middle (MitM) Attacks
- 🚷 Session Hijacking
- 🍪 Cookie Theft
- 🌐 Cross-Site Scripting (XSS) Attacks
Without HTTPS and the Secure flag, cookies and other sensitive data travel over unencrypted connections and can be intercepted on the network. Without the HttpOnly flag, the same cookies are exposed to XSS: an attacker who injects a malicious script into a web page can read the cookie containing the session information, hijack the session and potentially take control of the account.
I think the theory is too boring 🥲
Let's start with the practical part 😉
First, we have to understand what happens without the HttpOnly and Secure flags. The cookie below is set with both flags disabled (the last two parameters are false):
setcookie("username", $userInput, time() + 3600, "/", "", false, false);
"username": This is the name of the cookie you're setting. In this case, it's named "username".
$userInput: This is the value you want to assign to the "username" cookie. The $userInput variable is used as the value, which means the value of the cookie is based on the user's input.
time() + 3600: This sets the expiration time for the cookie. In this example, the cookie will expire 3600 seconds (1 hour) from the current time.
"/": The path parameter specifies the scope of the cookie. Here it's set to "/", meaning the cookie is sent for every path on the domain.
"" (empty string): The domain parameter specifies the domain where the cookie is valid. An empty string means it's valid for the current domain only.
false (sixth parameter): The secure parameter determines whether the cookie should only be transmitted over secure HTTPS connections. Here it's set to false, meaning the cookie can be sent over both HTTP and HTTPS connections.
false (seventh parameter): The httponly parameter determines whether the cookie is hidden from client-side scripts. Here it's set to false, meaning JavaScript on the page can read the cookie through document.cookie.
Note: 1 and 2 depend on the application.
Now set both the Secure and HttpOnly flags to true:
setcookie("username", $userInput, time() + 3600, "/", "", true, true);
true (sixth parameter): The secure parameter is now true, meaning the cookie will only be sent over HTTPS.
true (seventh parameter): The httponly parameter is now true, meaning the browser will not expose the cookie to client-side scripts, so a script injected via XSS cannot read it.
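To verify what the server actually sends, here is an added Python example (not from the post) that audits Set-Cookie response headers for the Secure and HttpOnly flags. The two header lines are constructed to mirror what PHP emits for the two setcookie() calls above; the cookie value "alice" is a made-up sample.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed Set-Cookie headers (not captured from a real server) in the format
# PHP's setcookie() produces: the first for secure=false, httponly=false, the
# second for secure=true, httponly=true.
INSECURE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "username=alice; expires=Thu, 01 Jan 2026 01:00:00 GMT; Max-Age=3600; path=/"),
]
HARDENED_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "username=alice; expires=Thu, 01 Jan 2026 01:00:00 GMT; Max-Age=3600; path=/; secure; HttpOnly"),
]

@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool

    def findings(self) -> List[str]:
        """Flags that are missing, each with the concrete exposure it causes."""
        out = []
        if not self.secure:
            out.append("missing Secure: sent over plain HTTP, exposed to interception")
        if not self.httponly:
            out.append("missing HttpOnly: readable by scripts via document.cookie")
        return out

def audit_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie value; attribute names are case-insensitive (RFC 6265)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return CookieAudit(name=name, secure="secure" in attrs, httponly="httponly" in attrs)

def audit_response_headers(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return {cookie name: list of findings} for every Set-Cookie header in a response."""
    report: Dict[str, List[str]] = {}
    for key, value in headers:
        if key.lower() == "set-cookie":
            audit = audit_set_cookie(value)
            report[audit.name] = audit.findings()
    return report

if __name__ == "__main__":
    for label, hdrs in (("without flags", INSECURE_HEADERS), ("with flags", HARDENED_HEADERS)):
        print(label, audit_response_headers(hdrs))
```

An empty findings list for a cookie means both flags were present; the same check can be run against headers captured from the application's own responses.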
Let's see the response 🙌
Okay… we'll see that in the next blog 👋🙋♂️.
Reach out to me if you have any queries 🤝
👔 LinkedIn: Abinesh M
📱 Instagram: Abi_Hecker