The set-cookie header has some flags like secure, httponly, samesite. If these flags are not enable then it can help attacker to exploit the site in various ways. But if samesite cookie is enabled then the website is safe from CSRF attacks. Ex In this blog: https://www.acunetix.com/blog/articles/chrome-tightens-csrf-protection/ after adding samesite cookie which will prevent the csrf attacks. I will add a module for searching for these flags in Set-Cookie header which will in return gives whether the application is vulnerable or not.
The set-cookie header has some flags like secure, httponly, samesite. If these flags are not enable then it can help attacker to exploit the site in various ways. But if samesite cookie is enabled then the website is safe from CSRF attacks. Ex In this blog: https://www.acunetix.com/blog/articles/chrome-tightens-csrf-protection/ after adding samesite cookie which will prevent the csrf attacks. I will add a module for searching for these flags in Set-Cookie header which will in return gives whether the application is vulnerable or not.
OS:
Linux
OS Version:
Ubuntu
Python Version:
3.6.9