28

Is it possible to break javascript execution in browser developer tools always when a cookie is set (without setting JS breakpoints explicitly)?

document.cookie = '...';
Improve this question
1

5 Answers 5

Reset to default
36

Adding this snippet in the beginning of the html → head block works fine:

<script type="text/javascript">
    function debugAccess(obj, prop, debugGet){
        var origValue = obj[prop];
        Object.defineProperty(obj, prop, {
            get: function () {
                if ( debugGet )
                    debugger;
                return origValue;
            },
            set: function(val) {
                debugger;
                return origValue = val;
            }
        });
    };
    debugAccess(document, 'cookie');
</script>

See this Angular University page for more information.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Worked well in Chrome. 1. Added breakpoint to first line of js in index . 2. Reload page until breakpoint triggers. 3. Paste in the above code between script tags to console. 4. Step through newly triggered js breakpoints and read Call Stack and Scope in debugger to determine script origin and cookie name/val .
Note that this won't work for PHPSESSID or server-side cookies.
Note that this won't update/change the document.cookie value anymore! Use answer by @fflorent or related duplicate questions.
I changed @fflorent's answer to accepted.
16

This should work (run it in a console):

origDescriptor = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie');
Object.defineProperty(document, 'cookie', {
  get() {
    return origDescriptor.get.call(this);
  },
  set(value) {
    debugger;
    return origDescriptor.set.call(this, value);
  },
  enumerable: true,
  configurable: true
});
Improve this answer

2 Comments

Works like a charm in FireBug. Thanks for helping fflorent!
HTMLDocument.prototype needs to be replaced with Document.prototype to work nowadays (browser implementors moved the property definition)
1

A better way than overriding the whole HTMLDocument.prototype cookie property is to use Reflect and Proxy. This way, instead of having to provide an override for every method of the cookie property, you only have to provide the particular method (ie. when the cookie is set).

Reflect.setPrototypeOf(document, new Proxy(Reflect.getPrototypeOf(document), {
  set(target, key, value, thisArg) {
    if (key === 'cookie') {
      // when document.cookie is assigned a value, we end up here.
      debugger;
    }

    // flow through to the original object assignment
    return Reflect.set(...arguments)
  }
}));
Improve this answer

Comments

-3

In Chrome dev-tools, you can right click on a cookie in the application cookies and select 'show request with this cookie'

so it's not an interception, but if your goal is to identify where a cookie comes from then it's a good way.

Improve this answer

1 Comment

While useful, this shows which request has a certain cookie header, not which requests sets a cookie for the first time (which I suspect the OP is after). Every first party cookie will be included in each requests to your server, so this might not help a lot to narrow things down.
-6

Try setting it in a If statement.

if(document.cookie.indexOf('...') >= 0){
  debugger;
}

note: when using firefox your console has to be open. in chrome this is not the case.

Improve this answer

1 Comment

This does not pause execution on a line document.cookie =. I'm trying to find out where in the JS code certain cookies are set.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.