WebApp Sec mailing list archives

Re: Unable to impersonate another user although having its cookie


From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Mon, 27 Jul 2009 21:30:42 +0530

A very, very late entry to this thread with a side point - the easiest
way to check what's getting sent by 2 different users is by simply
using Burp Comparer. Just intercept the requests with Burp Proxy and
send them to Comparer to see what's different. Once you find out
what's different, just try and spoof that in your next request. Here is
a nice post on how to use Burp Comparer:

http://portswigger.net/suite/comparerhelp.html

Cheers
Arvind


