{% hint style="success" %}
Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}

Browsers have a **limit on the number of cookies** they can store for a page. So, if for some reason you need to **make a cookie disappear**, you can **overflow the cookie jar**, because the oldest ones will be deleted first:

```javascript
// Set many cookies so that the oldest entries in the jar are evicted
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i}; Secure`;
}

// Remove all the filler cookies again by setting an expiry date in the past
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`;
}
```

Note that third-party cookies pointing to a different domain won't be overwritten.

{% hint style="danger" %}
This attack can also be used to **overwrite HttpOnly cookies, since you can delete them and then set them again with the value you want**. Check this in [**this post with a lab**](https://www.sjoerdlangkemper.nl/2020/05/27/overwriting-httponly-cookies-from-javascript-using-cookie-jar-overflow/).
{% endhint %}
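The behaviour described above can be reasoned about with a toy model of the jar. This is an added example, not code from the original page or the linked post, and it shows why `HttpOnly` stops script from reading or directly replacing a cookie but does not guarantee that the value the server later receives is the one it issued. `CookieJar`, `JAR_LIMIT` and `demo` are hypothetical names, the limit of 5 is a constructed value, and eviction is simplified to strict oldest-first; real browsers differ in both.

```javascript
// Toy model of a browser cookie jar (illustrative, not browser source code).
// JAR_LIMIT is a constructed value; real per-domain limits vary by browser.
const JAR_LIMIT = 5;

class CookieJar {
  constructor(limit = JAR_LIMIT) {
    this.limit = limit;
    this.cookies = []; // ordered oldest -> newest
  }

  // fromScript=true models document.cookie; false models a Set-Cookie header.
  set(name, value, { httpOnly = false, fromScript = false } = {}) {
    // Script-created cookies can never carry the HttpOnly flag.
    const cookie = { name, value, httpOnly: httpOnly && !fromScript };
    const idx = this.cookies.findIndex((c) => c.name === name);
    if (idx !== -1) {
      // RFC 6265 section 5.3: a non-HTTP API may not replace an HttpOnly cookie.
      if (fromScript && this.cookies[idx].httpOnly) return false;
      this.cookies[idx] = cookie; // update in place, keeping its age
      return true;
    }
    this.cookies.push(cookie);
    // Over the limit: the oldest cookies are evicted first.
    while (this.cookies.length > this.limit) this.cookies.shift();
    return true;
  }

  get(name) {
    return this.cookies.find((c) => c.name === name) || null;
  }
}

function demo() {
  const jar = new CookieJar();
  jar.set("session", "server-issued", { httpOnly: true }); // via Set-Cookie
  // A direct write from script is rejected while the HttpOnly cookie exists.
  const direct = jar.set("session", "script-chosen", { fromScript: true });
  // Filling the jar from script pushes the oldest entry (the session) out.
  for (let i = 0; i < JAR_LIMIT; i++) {
    jar.set(`cookie${i}`, String(i), { fromScript: true });
  }
  const evicted = jar.get("session") === null;
  // With the original gone, the same write is now accepted, without HttpOnly.
  const afterEviction = jar.set("session", "script-chosen", { fromScript: true });
  return { direct, evicted, afterEviction, final: jar.get("session") };
}
```

In the model the replacement cookie comes back without the `HttpOnly` flag, but the `Cookie` request header carries only names and values, so the server cannot see that difference and has to validate the session value itself.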