search

OWASP / Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
https://owasp.org/www-project-nettacker/
Apache License 2.0
3.33k stars 748 forks source link

Set-Cookie header related Vulnerabilities #241

Closed aman566 closed 3 years ago

aman566 commented 4 years ago

The set-cookie header has some flags like secure, httponly, samesite. If these flags are not enable then it can help attacker to exploit the site in various ways. But if samesite cookie is enabled then the website is safe from CSRF attacks. Ex In this blog: https://www.acunetix.com/blog/articles/chrome-tightens-csrf-protection/ after adding samesite cookie which will prevent the csrf attacks. I will add a module for searching for these flags in Set-Cookie header which will in return gives whether the application is vulnerable or not.

OS: Linux

OS Version: Ubuntu

Python Version: 3.6.9

aman566 commented 4 years ago

Fix for this issue: #249 @securestep9 please review it and suggest me changes if any :)