WebApp Sec mailing list archives
Re: MSIE session cookies
From: John Bond <john.r.bond () gmail com>
Date: Fri, 20 Jan 2006 15:45:55 +0000
On 20/01/06, Zhou, Joe [HR] <Joe.Zhou () sprint com> wrote:
HTTPWatch (http://www.httpwatch.co.uk/) can view session cookies in MSIE but cannot modify them.
This is what i was after but its a bit expensive. I am working on a quick and dirty bit of code which writes them to the standard cookie folder. i can then use IEwatch to view them. Thats all i want at the moment. It will work by monitoring when a cookie is set and when it is destroyed. I intend to to this by hooking into CBTProc and then hooking the IE event which sets. cookies.havn't had time to find this yet but expect it will make use of this object http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/webbrows er/reference/ifaces/iwebbrowser2/iwebbrowser2.asp thanks for all your help ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- RE: MSIE session cookies, (continued)
- RE: MSIE session cookies Richard M. Smith (Jan 19)
- Re: MSIE session cookies John Bond (Jan 19)
- RE: MSIE session cookies Richard M. Smith (Jan 19)
- Re: MSIE session cookies Jean-Jacques Halans (Jan 19)
- Re: MSIE session cookies Aman Raheja (Jan 21)
- RE: MSIE session cookies Zhou, Joe [HR] (Jan 19)
- RE: MSIE session cookies Sebastien Deleersnyder (Jan 19)
- RE: MSIE session cookies Labe Grzegorz DRS-BSI Centrala (Jan 19)
- RE: MSIE session cookies veille_audit (Jan 19)
- RE: MSIE session cookies Zhou, Joe [HR] (Jan 21)
- Message not available
- Re: MSIE session cookies John Bond (Jan 20)
- Message not available