WebApp Sec mailing list archives
Re: Unable to impersonate another user although having its cookie
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Mon, 27 Jul 2009 21:30:42 +0530
A very very late entry to this thread with a side point - The easiest way to check what's getting sent by 2 different users is by simply using Burp Comparer. Just Intercept the requests with Burp Proxy and send them to Comparer to see what's different. Once you find out what's different just try and spoof that in your next request. Here is a nice post on how to use Burp Comparer: http://portswigger.net/suite/comparerhelp.html Cheers Arvind
Current thread:
- Re: Unable to impersonate another user although having its cookie, (continued)
- Re: Unable to impersonate another user although having its cookie S I (Jul 01)
- Re: Unable to impersonate another user although having its cookie Heine Deelstra (Jul 01)
- Re: [SOLVED] Unable to impersonate another user although having its cookie Juan Kinunt (Jul 06)
- Re: Unable to impersonate another user although having its cookie S I (Jul 01)
- Re: Unable to impersonate another user although having its cookie Irene Abezgauz (Jul 01)
- Re: Unable to impersonate another user although having its cookie Michael Yelland (Jul 01)
- RE: Unable to impersonate another user although having its cookie Hellman, Matthew (Jul 01)
- Re: Unable to impersonate another user although having its cookie Guillermo Caminer (Jul 06)
- Re: Unable to impersonate another user although having its cookie Guillermo Caminer (Jul 06)
- Re: Unable to impersonate another user although having its cookie José Manuel Molina Pascual (Jul 06)
- RE: Unable to impersonate another user although having its cookie Martin O'Neal (Jul 01)
- Re: Unable to impersonate another user although having its cookie arvind doraiswamy (Jul 27)