WebApp Sec mailing list archives
Re: Modifing non-persistent cookies
From: Rogan Dawes <discard () dawes za net>
Date: Mon, 12 Dec 2005 08:29:57 +0200
Jason binger wrote:
I am looking for an application that can modify a non-persistent cookies value permanently (while the browser is open). I am testing a web app where a UserID=Number is set in the browser. If I change this number to another ID I can access other users functions, but I don't want to have to manually change it with each request using a web proxy. Does anyone have some other ideas? Cheers
There are a couple of ways of doing this with WebScarab:1) Using the shared cookies tool (Tools -> Shared Cookies), add a new cookie with the value that you want to insert. You need to set the correct domain, path, cookie name, etc. Then select the Proxy plugin, and the Miscellaneous tab, where you will see an option "Insert known cookies into requests". Check this option to configure WebScarab to insert the cookie that you just added into the requests that come in via the browser.
2) Using the Beanshell scripting plugin. There are two places that you can do this, it is up to you which you choose. a) Via the Proxy->BeanShell plugin Hit the checkbox to enable the plugin. Write a snippet of Java code to modify the Cookie header appropriately: e.g. cookie = request.getHeader("Cookie"); cookies = cookie.split("; *"); cookie = ""; for (i = 0; i< cookies.length; i++) { nv = cookies[i].split("=", 2); if (nv[0].equals("yourcookiename") { nv[1] = "yournewvalue"; } cookie = cookie + "; "; } cookie = cookie.substring(2); request.setHeader("Cookie", cookie); response = nextplugin.fetchResponse(request); return response; The exact code may vary, but I hope you get the idea. When your code is finished, hit the commit button to activate it. b) The other method is via the Tools->ScriptManager. Select the Proxy node, and then "Intercept Request"As per the hints in the description box, you would need to change the code above slightly.
Add the following line at the top: request = connection.getRequest(); and then replace the last 2 lines with: connection.setRequest(request); Summary =======The first method is the most straightforward, but is susceptible to the server sending a new cookie to override the one you are currently using (if you also have "Extract cookies from responses" enabled)
The second (two) methods are more complicated, but also more powerful. Rather than simply replacing a cookie, you could also be doing things like calculating a digital signature of the parameters, or something equally complicated. The limit is your imagination, and your coding ability! ;-)
If you have any questions, please respond to the list, and I'll be happy to explain further.
Rogan (the author of WebScarab ;-) )
Current thread:
- Modifing non-persistent cookies Jason binger (Dec 11)
- Re: Modifing non-persistent cookies Andres Riancho (Dec 11)
- Re: Modifing non-persistent cookies David Hogue (Dec 11)
- Re: Modifing non-persistent cookies Dean H. Saxe (Dec 11)
- Re: Modifing non-persistent cookies Rogan Dawes (Dec 11)
- <Possible follow-ups>
- RE: Modifing non-persistent cookies Luke Fraser (Dec 11)
- RE: Modifing non-persistent cookies Matt Fisher (Dec 16)