WebApp Sec mailing list archives

RE: Modifing non-persistent cookies

From: "Matt Fisher" <mfisher () spidynamics com>
Date: Fri, 16 Dec 2005 14:40:44 -0500

Your proxy should be able to do that for you.  The one I use most often
( take a guess which ) lets me write a search-and-replace filter so that
the UserID=whatever would be changed on the fly for me.  Or, I could use
it to modify the server response so that I change the cookie once and
the browser remembers my modified cookie and sends it up with every
request.

-----Original Message-----
From: Jason binger [mailto:cisspstudy () yahoo com] 
Sent: Sunday, December 11, 2005 5:48 PM
To: webappsec () securityfocus com
Subject: Modifing non-persistent cookies

I am looking for an application that can modify a 
non-persistent cookies value permanently (while the browser is open).

I am testing a web app where a UserID=Number is set in the 
browser. If I change this number to another ID I can access 
other users functions, but I don't want to have to manually 
change it with each request using a web proxy.

Does anyone have some other ideas?

Cheers

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection 
around http://mail.yahoo.com

Current thread:

Modifing non-persistent cookies Jason binger (Dec 11)
- Re: Modifing non-persistent cookies Andres Riancho (Dec 11)
- Re: Modifing non-persistent cookies David Hogue (Dec 11)
  - Re: Modifing non-persistent cookies Dean H. Saxe (Dec 11)
- Re: Modifing non-persistent cookies Rogan Dawes (Dec 11)
- <Possible follow-ups>
- RE: Modifing non-persistent cookies Luke Fraser (Dec 11)
- RE: Modifing non-persistent cookies Matt Fisher (Dec 16)