Penetration Testing mailing list archives

Re: saving session cookies?


From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Thu, 16 Mar 2006 10:17:04 +0100

offset wrote:
> Hi Lee,
>
> Thanks for the feedback, however
>
> To my knowledge, session cookies are not stored on disk (by design), at least on any browser that I have used.

That really depends on what the server says (and what you "accept" in the browser). Cookie lifetime is set in server headers; typically session cookies will only be stored in memory if the server did not provide an expiration, but some applications set expiration dates for session cookies (sometimes on purpose), which makes the cookie be stored on disk.

In any case, you might be interested in taking a look at WebScarab. When saving a navigation session you get a few files in the navigation session, including a 'cookies' file which includes all cookies that the proxy has seen throughout the session (regardless of expiration information given by the server).

Alternatively, as said previously, you can use the "Add N Edit Cookies" extension in Mozilla and use the Cookie Editor to change the expiration dates of the cookies so that you force Mozilla to store them in the cookies file (regardless of what the server says).

Regards

Javier
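The two points above (the server's Set-Cookie attributes decide whether a cookie lives in memory or on disk, and a client-side tool can rewrite the expiration to force disk storage) can be checked with the following script. It is an added example, not code from the original thread, from WebScarab or from the Add N Edit Cookies extension. The Set-Cookie headers it parses are constructed samples, and the `make_persistent` helper is a hypothetical stand-in for what a cookie editor or intercepting proxy does when it rewrites the expiration. The lifetime rules follow RFC 6265: a valid Max-Age takes precedence over Expires, an unparseable value is ignored, and a cookie with no valid lifetime attribute is a session cookie.

```python
"""Classify Set-Cookie headers as session vs. persistent, and rewrite a
session cookie so a browser would write it to its on-disk cookie store."""
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed sample headers (hypothetical; not taken from any real server).
SAMPLE_HEADERS = [
    "JSESSIONID=3F2A9C1B; Path=/; HttpOnly",                      # no lifetime attribute
    "PHPSESSID=abc123; Path=/; Max-Age=86400; Secure",            # one day on disk
    "token=deadbeef; Expires=Wed, 16 Mar 2016 10:17:04 GMT; Path=/",
    "pref=dark; Expires=junk-date; Path=/",                       # invalid Expires
    "old=1; Expires=Thu, 16 Mar 2000 00:00:00 GMT; Path=/",       # already in the past
    "gone=1; Max-Age=0; Path=/",                                  # deletion request
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attr_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def _expiry(attrs, now):
    """Absolute expiry time, or None for a session cookie.

    RFC 6265 5.3: a valid Max-Age wins over Expires; an attribute whose
    value does not parse is ignored as if it were absent.
    """
    if "max-age" in attrs:
        try:
            return now + timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # non-numeric Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            exp = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: treated as absent
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        return exp
    return None


def cookie_lifetime(header, now=None):
    """'session' (memory only), 'persistent' (written to disk) or 'expired'
    (the browser discards it immediately)."""
    now = now or datetime.now(timezone.utc)
    _, _, attrs = parse_set_cookie(header)
    exp = _expiry(attrs, now)
    if exp is None:
        return "session"
    return "persistent" if exp > now else "expired"


def classify(headers, now=None):
    """Map cookie name -> lifetime class for a list of Set-Cookie headers."""
    return {parse_set_cookie(h)[0]: cookie_lifetime(h, now) for h in headers}


def make_persistent(header, days=30, now=None):
    """Hypothetical client-side rewrite: drop any Max-Age/Expires the server
    sent and append a future Expires, so the browser stores the cookie on
    disk regardless of what the server said."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header.split(";")]
    kept = [p for p in parts[1:]
            if p.partition("=")[0].strip().lower() not in ("max-age", "expires")]
    expires = format_datetime(now + timedelta(days=days), usegmt=True)
    return "; ".join([parts[0]] + kept + [f"Expires={expires}"])


if __name__ == "__main__":
    now = datetime(2006, 3, 16, 10, 17, 4, tzinfo=timezone.utc)
    for name, kind in classify(SAMPLE_HEADERS, now).items():
        print(f"{name:<11} {kind}")
    print(make_persistent(SAMPLE_HEADERS[0], now=now))
```

Run against a real target, the input would be the Set-Cookie headers captured by the proxy; the classification tells you which cookies the browser will already have written to disk and which ones you would need to rewrite (as the extension does) to get them into the cookie file.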
