WebApp Sec mailing list archives
RE: modify non-persistent cookies
From: "Chris Neppes" <cneppes () port80software com>
Date: Tue, 17 Dec 2002 11:37:18 -0800
In IIS, you can disable the ASP session state so that the session cookie id is masked (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244465). If you want to further mask any session cookie on an IIS box, try ServerMask (www.servermask.com). Best, Chris :::::::::: :::::::::: Chris Neppes Port80 Software, Inc. www.port80software.com 5252 Balboa Ave., Ste. 605 San Diego, CA 92117 cneppes () port80software com 858.268.7960 voice 619.606.2860 cell 858.268.7760 fax Web server modules for Microsoft IIS. security. performance. user experience. -----Original Message----- From: Glyn [mailto:glyng () bigfoot com] Sent: Tuesday, December 17, 2002 8:08 AM To: mono () spurious biz; webappsec () securityfocus com Subject: RE: modify non-persistent cookies Hi, Using application assessment proxy tools like Achilles, WebProxy or Odysseus you can intercept in and outbound headers and data. You can therefore either modify the cookie on the way in (so your version of the cookie is held by the browser); or the way out (substituting your data for the cookie). Regards, G. www.wastelands.gen.nz/odysseus www.packetstormsecurity.com/filedesc/achilles-0-27.zip.html www.atstake.com/research/tools
-----Original Message----- From: mono toy [mailto:mono () spurious biz] Sent: 17 December 2002 10:56 To: Webappsec@Securityfocus. Com Subject: modify non-persistent cookies dear list, is there a way to modify the contents of a non-persistent cookie one receives? thanks! nico [ Chief Financial Officer ] [ cfo () spurious biz ] [ smells like napalm, tastes like chicken! ] [ 55B4 B4B6 B2EC B612 6A35 1535 C7E9 0534 7C69 25DF ]
Current thread:
- modify non-persistent cookies mono toy (Dec 17)
- Re: modify non-persistent cookies Peter Conrad (Dec 17)
- RE: modify non-persistent cookies Glyn (Dec 17)
- Re: modify non-persistent cookies Kevin Spett (Dec 18)
- SUMMARY modify non-persistent cookies and more q's mono toy (Dec 19)
- Re: SUMMARY modify non-persistent cookies and more q's Kevin Spett (Dec 19)
- <Possible follow-ups>
- Re: modify non-persistent cookies MICHAEL GERMONY (Dec 17)
- RE: modify non-persistent cookies Chris Neppes (Dec 17)
- RE: modify non-persistent cookies Venkat, Sanjay (Dec 17)
- Re: modify non-persistent cookies securityarchitect (Dec 17)
- Re: modify non-persistent cookies Charles Miller (Dec 17)
- Re: modify non-persistent cookies Mr. Rufus Faloofus (Dec 17)
- Re: modify non-persistent cookies Choong-Fook Fong (Dec 18)
- Re: modify non-persistent cookies zeno (Dec 17)
- RE: modify non-persistent cookies Uzi Refaeli (Dec 17)