Can Cookie Setter be Hooked?

Tests whether the cookie setter function can be hooked using __lookupSetter__

By
skeptic_fx 0 Seen 596 times
Tags
cookie setter hook
Run this test now.

Results


Tested on
Chrome - 65 - Mac OS X
Result
Yes

Tested on
Firefox - 51 - Windows 7
Result
Yes

Tested on
Safari - 9.1.2 - Mac OS X
Result
No - TypeError: undefined is not an object (evaluating 'cookie_setter.apply')

Tested on
IE - 11 - Windows
Result
No - TypeError: Unable to get property 'apply' of undefined or null reference

Tested on
Googlebot - 2.1 - undefined
Result
Yes
No - TypeError: Cannot redefine property: cookie

Tested on
Chrome Mobile - 41 - Android
Result
Yes
No - TypeError: Cannot redefine property: cookie

Tested on
Opera - 47 - Windows 10
Result
Yes

User Script (ENUM_FUNCTION)

					
function test(data){
    try{
        var cookie_setter = document.__lookupSetter__('cookie');
        var cookie_getter = document.__lookupGetter__('cookie');
        var cookie_name = Math.random();
        var hooked_cookie_value;
        Object.defineProperty(document, "cookie", {
          get: function(){ // default behavior
            return cookie_getter.apply(this, arguments);
          },
          set: function(val) { // everytime a cookie is set, '_hooked' is added to it.
            arguments[0] += '_hooked';
            return cookie_setter.apply(this, arguments);
          }
        });
    
        document.cookie = cookie_name+"=samplecookievalue";
        hooked_cookie_value = document.cookie.split(cookie_name)[1].split('=')[1].split(';')[0];
        if(!hooked_cookie_value){
            addResult('No');
        }else {
            if(hooked_cookie_value.indexOf('samplecookievalue_hooked') !== -1){
                addResult('Yes');
            } else {
                addResult('No');
            }
        }
    }
    catch(err){
        addResult('No - ' + err);
    }
}


					
				

Enum Data (ENUM_FUNCTION)

					
// Just run this once
var data=[1];