WebApp Sec mailing list archives

RE: Modifing non-persistent cookies

From: Luke Fraser <LFraser () soltrus com>
Date: Sun, 11 Dec 2005 18:29:18 -0500

Could you use a personal proxy (WebScarab, Paros, etc) to change the
response from the server that sets the cookie?  Then you'd only have to do
it once.

Or you could use this Firefox Extension:
http://addneditcookies.mozdev.org/index.html

Luke 

-----Original Message-----
From: Jason binger [mailto:cisspstudy () yahoo com] 
Sent: Sunday, December 11, 2005 5:48 PM
To: webappsec () securityfocus com
Subject: Modifing non-persistent cookies

I am looking for an application that can modify a non-persistent cookies
value permanently (while the browser is open).

I am testing a web app where a UserID=Number is set in the browser. If I
change this number to another ID I can access other users functions, but I
don't want to have to manually change it with each request using a web
proxy.

Does anyone have some other ideas?

Cheers

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Current thread:

Modifing non-persistent cookies Jason binger (Dec 11)
- Re: Modifing non-persistent cookies Andres Riancho (Dec 11)
- Re: Modifing non-persistent cookies David Hogue (Dec 11)
  - Re: Modifing non-persistent cookies Dean H. Saxe (Dec 11)
- Re: Modifing non-persistent cookies Rogan Dawes (Dec 11)
- <Possible follow-ups>
- RE: Modifing non-persistent cookies Luke Fraser (Dec 11)
- RE: Modifing non-persistent cookies Matt Fisher (Dec 16)