WebApp Sec mailing list archives
RE: MSIE session cookies
From: "Zhou, Joe [HR]" <Joe.Zhou () sprint com>
Date: Fri, 20 Jan 2006 08:46:35 -0600
HTTPWatch (http://www.httpwatch.co.uk/) can view session cookies in MSIE but cannot modify them. --JZ -----Original Message----- From: Richard M. Smith [mailto:rms () computerbytesman com] Sent: Thursday, January 19, 2006 8:29 AM To: 'John Bond'; webappsec () securityfocus com Subject: RE: MSIE session cookies You'll need to use the InternetExplorer.Application ActiveX control. Here's some sample code in Visual Basic: http://visualbasic.about.com/od/standalonevb6/l/blnewieinstance.htm After navigating to a Web page, cookies can be accessed using this expression: IE.Document.cookie Richard -----Original Message----- From: John Bond [mailto:john.r.bond () gmail com] Sent: Thursday, January 19, 2006 9:04 AM To: webappsec () securityfocus com Subject: Re: MSIE session cookies Hi, Thank you all for your responses. I have paros fiddler and webscarab and think there all good tools. However what i would really like to do is read the cookies directly from memory. I want to be able to read cookies which have already been set. possibly monitor when that memory is accessed
Session cookies don't appear to be stored in files which implies they are only held in RAM.
This is what i think i have tried lookingon google for anymore infomation but i am unableto find any. I think the simplist way to do this would be to patch the MSIE api calls for cookies. Any Ideas, pappers or usefull programs would be aprieciate
Richard
------------------------------------------------------------------------ - This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh ------------------------------------------------------------------------ -- ------------------------------------------------------------------------ - This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Re: MSIE session cookies, (continued)
- Re: MSIE session cookies John Bond (Jan 19)
- RE: MSIE session cookies Richard M. Smith (Jan 19)
- Re: MSIE session cookies John Bond (Jan 19)
- RE: MSIE session cookies Richard M. Smith (Jan 19)
- Message not available
- Re: MSIE session cookies John Bond (Jan 20)