I am able to see cookies in http connection. I would like to know if the same is possible in https connection. Stealing cookies in http connection is quite useless and vague. Instead it would be quite useful if the same is visible for http(s) connection. Is there any way to view cookies in https connection and steal the session ID from it?

asked 13 Aug '14, 05:10 tanu
One Answer:
In general, no, as that's the point of using an encrypted transport layer (SSL/TLS): all the transported data (i.e. http) is encapsulated by the encryption. However, there are known methods of defeating SSL/TLS, e.g. MITM attacks, so using one of those will allow the plain text HTTP to be recovered and the cookies viewed.

answered 13 Aug '14, 05:15 grahamb ♦ edited 13 Aug '14, 05:15
I don't agree with that. If I'm able to get your session cookie, transmitted via HTTP, I could be able to impersonate your session to the server (depends on some security measures within the web application).
That's way better than 'useless' to me ;-))