WebApp Sec mailing list archives

RE: modify non-persistent cookies

From: "Glyn" <glyng () bigfoot com>
Date: Tue, 17 Dec 2002 16:07:59 -0000

Hi,

Using application assessment proxy tools like Achilles, WebProxy or
Odysseus you can intercept in and outbound headers and data.  

You can therefore either modify the cookie on the way in (so your
version of the cookie is held by the browser); or the way out
(substituting your data for the cookie).

Regards,
G.

www.wastelands.gen.nz/odysseus
www.packetstormsecurity.com/filedesc/achilles-0-27.zip.html
www.atstake.com/research/tools

-----Original Message-----
From: mono toy [mailto:mono () spurious biz] 
Sent: 17 December 2002 10:56
To: Webappsec@Securityfocus. Com
Subject: modify non-persistent cookies


dear list,

is there a way to modify the contents of a non-persistent 
cookie one receives?

thanks!

nico

[ Chief Financial Officer ]
[ cfo () spurious biz ]
[ smells like napalm, tastes like chicken! ]
[ 55B4 B4B6 B2EC B612 6A35  1535 C7E9 0534 7C69 25DF ]

Current thread:

modify non-persistent cookies mono toy (Dec 17)
- Re: modify non-persistent cookies Peter Conrad (Dec 17)
- RE: modify non-persistent cookies Glyn (Dec 17)
- Re: modify non-persistent cookies Kevin Spett (Dec 18)
- SUMMARY modify non-persistent cookies and more q's mono toy (Dec 19)
  - Re: SUMMARY modify non-persistent cookies and more q's Kevin Spett (Dec 19)
- <Possible follow-ups>
- Re: modify non-persistent cookies MICHAEL GERMONY (Dec 17)
- RE: modify non-persistent cookies Chris Neppes (Dec 17)
- RE: modify non-persistent cookies Venkat, Sanjay (Dec 17)
- Re: modify non-persistent cookies securityarchitect (Dec 17)
  - Re: modify non-persistent cookies Charles Miller (Dec 17)
  - Re: modify non-persistent cookies Mr. Rufus Faloofus (Dec 17)
  - Re: modify non-persistent cookies Choong-Fook Fong (Dec 18)

(Thread continues...)