Penetration Testing mailing list archives
[PEN-TEST] altering non-persistent cookies in memory
From: "Hofmeyr, Michael" <hofmemi () EY CO ZA>
Date: Wed, 17 Jan 2001 06:15:56 +0000
Hi all, Many companies are using non-persistent cookies to authenticate user sessions. have any of you had any experience or ideas for acessing and altering non-persistant cookies in a browsers memory? Options i have considered are using JavaScript to overwrite the cookie during the session, editing the cookie in memory with Soft Ice or something similar during the session. Or simply telnetting to port 80 of the webserver and submitting a fake cookie directly? Any comments/ideas would be welcome. Rgds Michael Hofmeyr ______________________________________________________________________ Ernst & Young South Africa - http://www.ey.com/southafrica WARNING: this e-mail contains confidential information and any unauthorised use or interception is illegal. If this e-mail is not intended for you, you may not copy, distribute or disclose the contents to anyone nor take any action in reliance on the content. If you receive this in error, please contact the sender and delete the material from any computer.
Current thread:
- [PEN-TEST] altering non-persistent cookies in memory Hofmeyr, Michael (Jan 16)
- Re: [PEN-TEST] altering non-persistent cookies in memory Philip Stoev (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Tom Watson (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Dzzie Z (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Thomas Reinke (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Robert van der Meulen (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Erik Peterson (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Philip Stoev (Jan 17)