Re: SUMMARY modify non-persistent cookies and more q's

["Kevin Spett" <kspett () spidynamics com>]

One of the @stake tools (WebProxy I think) is Java-based and thus
platform-independent, if slow.



Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "mono toy" <mono () spurious biz>
To: "webappsec@securityfocus" <webappsec () securityfocus com>
Sent: Thursday, December 19, 2002 9:14 AM
Subject: SUMMARY modify non-persistent cookies and more q's


> dear list,
>
> thanks for all the replies! i'll post a brief summary now and ask some
> more ...
>
> modifying non-persistant cookies is definitely possible :) some ways:
>
> - proxies, proxie-like things and testing suites (@stake, achilles,
> websleuth, etc.):
> i tried achilles (somewhat unstable), @stake's is too expensive, websleuth
> looks very nice but haven't had time to test it yet (i rarely use win
> boxes)
> - ram editors (winhex looks very nice, expensive too though)
> - handcrafting (via BHO, perl http-request module, ...)
> - the easiest way though: "javascript:
> document.cookie='CookieName=CookieValue';" :)
>
> as for the proxy and ram editor things: most of these tools were either
> expensive, or windows-only, or both. ... can somebody recommend some good,
> free, opensource, linux (or os x) variant for tools like winhex or
> websleuth?
>
> many thanks,
>
> nico