I tried performing XST with TRACE but its cancelled on chrome, is there any newer exploits/methods known for accessing httpOnly cookies?