WebApp Sec mailing list archives
RE: Modifing non-persistent cookies
From: "Matt Fisher" <mfisher () spidynamics com>
Date: Fri, 16 Dec 2005 14:40:44 -0500
Your proxy should be able to do that for you. The one I use most often ( take a guess which ) lets me write a search-and-replace filter so that the UserID=whatever would be changed on the fly for me. Or, I could use it to modify the server response so that I change the cookie once and the browser remembers my modified cookie and sends it up with every request.
-----Original Message----- From: Jason binger [mailto:cisspstudy () yahoo com] Sent: Sunday, December 11, 2005 5:48 PM To: webappsec () securityfocus com Subject: Modifing non-persistent cookies I am looking for an application that can modify a non-persistent cookies value permanently (while the browser is open). I am testing a web app where a UserID=Number is set in the browser. If I change this number to another ID I can access other users functions, but I don't want to have to manually change it with each request using a web proxy. Does anyone have some other ideas? Cheers __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- Modifing non-persistent cookies Jason binger (Dec 11)
- Re: Modifing non-persistent cookies Andres Riancho (Dec 11)
- Re: Modifing non-persistent cookies David Hogue (Dec 11)
- Re: Modifing non-persistent cookies Dean H. Saxe (Dec 11)
- Re: Modifing non-persistent cookies Rogan Dawes (Dec 11)
- <Possible follow-ups>
- RE: Modifing non-persistent cookies Luke Fraser (Dec 11)
- RE: Modifing non-persistent cookies Matt Fisher (Dec 16)