cookie-attacks

Official

Secure session cookies against theft and bypass.

Author: securityfortech
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill addresses critical vulnerabilities in how web applications handle session cookies, preventing session hijacking, unauthorized access after logout, and other session-related attacks.

Core Features & Use Cases

  • Cookie Attribute Auditing: Checks for missing Secure, HttpOnly, and SameSite flags.
  • Scope and Persistence Testing: Verifies Domain/Path scope and tests for overly persistent cookies.
  • Logout Invalidation: Ensures server-side session invalidation upon logout.
  • SSO Bypass Detection: Identifies weaknesses in Single Sign-On logout flows.
  • Use Case: A pentester uses this skill to audit an e-commerce site's session cookies and discovers that the session token lacks the HttpOnly flag, so a script injected through XSS could read it.

Quick Start

Audit the session cookies for the target website by checking for missing Secure, HttpOnly, and SameSite attributes.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: cookie-attacks
Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#cookie-attacks

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
