Penetration Testing mailing list archives

XSS with encrypted cookie?

From: "pire pire" <pirepire69 () romandie com>
Date: Wed, 10 Dec 2003 08:44:07 +0100

Hi,

I'm wondering if it's possible via a XSS attack to steal an 
encrypted cookie (actually it's a session token)? (with some 
javascript like: document.cookie etc...)

If yes, is it also possible to replay this cookie? (of course the 
session must still be valid on the server)

I know it works with regular cookie. 

Thanks a lot for your help



_______________________________________________

La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

XSS with encrypted cookie? pire pire (Dec 10)
- Re: XSS with encrypted cookie? dd (Dec 11)
- RE: XSS with encrypted cookie? Rajesh Jose (Dec 11)
  - RE: XSS with encrypted cookie? Achim Dreyer (Dec 11)