WebApp Sec mailing list archives
Re: modify non-persistent cookies
From: "MICHAEL GERMONY" <mgermony () mandtbank com>
Date: Tue, 17 Dec 2002 14:17:19 -0500
If you are talking about in transit, then Yes, you can, as long as there is path symmetry through or past the device you want to perform it. Either that or you have to be a man-in-the-middle. Content switches like F5 and Cisco CSS can definitely do it, I know cause I've tested it- basically using a CSS as a cookie "translator". In this case I had to use the CSS scripting language to rewrite the HTTP headers on the fly...you could do the same thing with some C code and a promiscuous net card/driver if you wanted a cheaper way to do it. It would be a challenge, but do-able. If you are talking on host or client side, then I suppose you would be able to do it by writing some code that bumps the IP stack to redirect L5-L7 through a "cookie-cutter" before it gets to the browser and/or before it leaves the machine. FWIW Mike
"mono toy" <mono () spurious biz> 12/17/02 05:55AM >>>
dear list, is there a way to modify the contents of a non-persistent cookie one receives? thanks! nico [ Chief Financial Officer ] [ cfo () spurious biz ] [ smells like napalm, tastes like chicken! ] [ 55B4 B4B6 B2EC B612 6A35 1535 C7E9 0534 7C69 25DF ]
Current thread:
- modify non-persistent cookies mono toy (Dec 17)
- Re: modify non-persistent cookies Peter Conrad (Dec 17)
- RE: modify non-persistent cookies Glyn (Dec 17)
- Re: modify non-persistent cookies Kevin Spett (Dec 18)
- SUMMARY modify non-persistent cookies and more q's mono toy (Dec 19)
- Re: SUMMARY modify non-persistent cookies and more q's Kevin Spett (Dec 19)
- <Possible follow-ups>
- Re: modify non-persistent cookies MICHAEL GERMONY (Dec 17)
- RE: modify non-persistent cookies Chris Neppes (Dec 17)
- RE: modify non-persistent cookies Venkat, Sanjay (Dec 17)
- Re: modify non-persistent cookies securityarchitect (Dec 17)
- Re: modify non-persistent cookies Charles Miller (Dec 17)
- Re: modify non-persistent cookies Mr. Rufus Faloofus (Dec 17)
- Re: modify non-persistent cookies Choong-Fook Fong (Dec 18)
- Re: modify non-persistent cookies zeno (Dec 17)
- RE: modify non-persistent cookies Uzi Refaeli (Dec 17)