WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: MSIE session cookies

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 19 Jan 2006 10:50:50 -0500
Yet another option is to build an IE BHO (browser help object) or toolbar.
BHOs and toolbars also can access the DOM (including document.cookie) of Web
pages using the Webbrowser interface.

Richard 

-----Original Message-----
From: John Bond [mailto:john.r.bond () gmail com] 
Sent: Thursday, January 19, 2006 9:33 AM
To: Richard M. Smith
Cc: webappsec () securityfocus com
Subject: Re: MSIE session cookies

On 19/01/06, Richard M. Smith <rms () computerbytesman com> wrote:

You'll need to use the InternetExplorer.Application ActiveX control.  
Here's some sample code in Visual Basic:

http://visualbasic.about.com/od/standalonevb6/l/blnewieinstance.htm

After navigating to a Web page, cookies can be accessed using this
expression:

IE.Document.cookie



This is much more like what i want.  Does the code have to open the browser
or can it hookinto a instance which has already been opened.

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: