Is it possible to break javascript execution in browser developer tools always when a cookie is set (without setting JS breakpoints explicitly)?
document.cookie = '...';
Asked
Active
Viewed 1.3k times
25
haba713
- 2,465
- 1
- 24
- 45
-
1Possible duplicate of [Proxying of document.cookie](https://stackoverflow.com/questions/32410331/proxying-of-document-cookie) – mems Aug 19 '19 at 15:15
5 Answers
34
Adding this snippet in the beginning of an html → head block works fine:
<script type="text/javascript">
function debugAccess(obj, prop, debugGet){
var origValue = obj[prop];
Object.defineProperty(obj, prop, {
get: function () {
if ( debugGet )
debugger;
return origValue;
},
set: function(val) {
debugger;
return origValue = val;
}
});
};
debugAccess(document, 'cookie');
</script>
See this Angular University page for more information.
haba713
- 2,465
- 1
- 24
- 45
-
2Worked well in Chrome. 1. Added breakpoint to first line of js in index . 2. Reload page until breakpoint triggers. 3. Paste in the above code between script tags to console. 4. Step through newly triggered js breakpoints and read Call Stack and Scope in debugger to determine script origin and cookie name/val . – here Dec 05 '18 at 23:56
-
Note that this won't work for PHPSESSID or server-side cookies. – Eduardo Procópio Gomez Jan 13 '23 at 19:25
-
Note that this won't update/change the document.cookie value anymore! Use answer by @fflorent or related duplicate questions. – Robert Sep 02 '23 at 09:41
-
13
This should work (run it in a console):
origDescriptor = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie');
Object.defineProperty(document, 'cookie', {
get() {
return origDescriptor.get.call(this);
},
set(value) {
debugger;
return origDescriptor.set.call(this, value);
},
enumerable: true,
configurable: true
});
Zhaph - Ben Duguid
- 26,785
- 5
- 80
- 117
fflorent
- 1,596
- 9
- 11
-
Works like a charm in FireBug. Thanks for helping [fflorent](http://stackoverflow.com/users/915465/fflorent)! – haba713 Dec 20 '16 at 18:45
-
HTMLDocument.prototype needs to be replaced with Document.prototype to work nowadays (browser implementors moved the property definition) – Ryan Tarpine Mar 10 '22 at 20:42
0
A better way than overriding the whole HTMLDocument.prototype cookie property is to use Reflect and Proxy. This way, instead of having to provide an override for every method of the cookie property, you only have to provide the particular method (ie. when the cookie is set).
Reflect.setPrototypeOf(document, new Proxy(Reflect.getPrototypeOf(document), {
set(target, key, value, thisArg) {
if (key === 'cookie') {
// when document.cookie is assigned a value, we end up here.
debugger;
}
// flow through to the original object assignment
return Reflect.set(...arguments)
}
}));
erroric
- 991
- 1
- 11
- 22
-2
In Chrome dev-tools, you can right click on a cookie in the application cookies and select 'show request with this cookie'
so it's not an interception, but if your goal is to identify where a cookie comes from then it's a good way.
dancl
- 689
- 5
- 13
-
3While useful, this shows which request has a certain cookie header, not which requests sets a cookie for the first time (which I suspect the OP is after). Every first party cookie will be included in each requests to your server, so this might not help a lot to narrow things down. – Eike Pierstorff Oct 14 '20 at 13:32
-5
Try setting it in a If statement.
if(document.cookie.indexOf('...') >= 0){
debugger;
}
note: when using firefox your console has to be open. in chrome this is not the case.
D. Piep
- 13
- 5
-
1This does not pause execution on a line `document.cookie =`. I'm trying to find out where in the JS code certain cookies are set. – haba713 Dec 20 '16 at 16:06