Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Modifing non-persistent cookies

from [Matt Fisher] Network Security [Permanent Link]
Subject: RE: Modifing non-persistent cookies
Date: Fri, 16 Dec 2005 14:40:44 -0500 
Your proxy should be able to do that for you.  The one I use most often
( take a guess which ) lets me write a search-and-replace filter so that
the UserID=whatever would be changed on the fly for me.  Or, I could use
it to modify the server response so that I change the cookie once and
the browser remembers my modified cookie and sends it up with every
request. 




-----Original Message-----
From: Jason binger [mailto:cisspstudy@yahoo.com] 
Sent: Sunday, December 11, 2005 5:48 PM
To: webappsec@securityfocus.com
Subject: Modifing non-persistent cookies

I am looking for an application that can modify a 
non-persistent cookies value permanently (while the browser is open).

I am testing a web app where a UserID=Number is set in the 
browser. If I change this number to another ID I can access 
other users functions, but I don't want to have to manually 
change it with each request using a web proxy.

Does anyone have some other ideas?

Cheers

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection 
around http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PCI DSS Compliance, Steven Jones
Next by Date:  RE: SPAM-LOW: New(?) web app sec scanner: NTOSpider, Tommy
Previous by Thread:  RE: Modifing non-persistent cookies, Luke Fraser
Next by Thread:  Fwd: SF new column announcement: Users inundated with pop-ups, by Scott Granneman, Andrew van der Stock
Indexes:  [Date] [Thread] [Top] [All Lists]