Penetration Testing mailing list archives

[PEN-TEST] altering non-persistent cookies in memory


From: "Hofmeyr, Michael" <hofmemi () EY CO ZA>
Date: Wed, 17 Jan 2001 06:15:56 +0000

Hi all,

Many companies are using non-persistent cookies to authenticate
user sessions. Have any of you had any experience or ideas for accessing
and altering non-persistent cookies in a browser's memory? Options I have
considered are using JavaScript to overwrite the cookie during the session,
editing the cookie in memory with Soft Ice or something similar during the
session. Or simply telnetting to port 80 of the webserver and submitting a
fake cookie directly?

Any comments/ideas would be welcome.

Rgds

Michael Hofmeyr



______________________________________________________________________
 Ernst & Young South Africa - http://www.ey.com/southafrica


