#### Bug - Try using owtf proxy to browse to any wordpress admin page. - Try logging in. (Invalid credentials will also do) - You should see a message on the login page that cookie support seems disabled!!! #### Fix [This line](https://github.com/owtf/owtf/blob/4c3ae8182cf4ce0948fd3d876a8eeba1a55d3fc2/framework/http/proxy/proxy.py#L76) ``` for header, value in list(response.headers.items()): ``` should be ``` for header, value in response.headers.get_all(): ``` #### Verification - Repeat the same steps and you should see no such cookies disabled message. - Do not send a PR or commit without verifying the fix first!! #### Reasoning - Servers send multiple **Set-Cookie** headers - When iterated over these headers using items, list of set-cookie header values is joined using comma - This format of mentioning multiple cookies in one Set-Cookie header seperated by comma is not recognised by browsers. - The ideal way of doing this is by using `get_all()` method of tornado headers.
Bug
Fix
This line
should be
Verification
Reasoning
get_all()method of tornado headers.