cookie spoofing

Reply

Join Date: Jan 2004
Posts: 38
Reputation: Dominick is an unknown quantity at this point 
Solved Threads: 0
Dominick's Avatar
Dominick Dominick is offline Offline
Light Poster

cookie spoofing

 
0
  #1
Jan 28th, 2004
Is it easy or even possible for a user to create a cookie on his own and use it on a site that uses authentication with cookies?
Dominick@tech-lounge.com
www.tech-lounge.com
www.v-dommi.net
Reply With Quote Quick reply to this message  
Join Date: Jan 2004
Posts: 61
Reputation: Redshift is an unknown quantity at this point 
Solved Threads: 0
Redshift Redshift is offline Offline
Junior Poster in Training

Re: cookie spoofing

 
0
  #2
Jan 28th, 2004
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Reply With Quote Quick reply to this message  
Join Date: Jan 2004
Posts: 38
Reputation: Dominick is an unknown quantity at this point 
Solved Threads: 0
Dominick's Avatar
Dominick Dominick is offline Offline
Light Poster

Re: cookie spoofing

 
0
  #3
Jan 28th, 2004
easy enough. thanks for the quick reply
Dominick@tech-lounge.com
www.tech-lounge.com
www.v-dommi.net
Reply With Quote Quick reply to this message  
Join Date: Jan 2004
Posts: 152
Reputation: floris has a spectacular aura about floris has a spectacular aura about 
Solved Threads: 2
floris's Avatar
floris floris is offline Offline
vBulletin.com Staff

Re: cookie spoofing

 
0
  #4
Mar 1st, 2004
It depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss
:cheesy: a vBulletin fan community @ vBulletin.nl :cheesy:
Reply With Quote Quick reply to this message  
Join Date: Apr 2006
Posts: 1
Reputation: sowiebinich is an unknown quantity at this point 
Solved Threads: 0
sowiebinich sowiebinich is offline Offline
Newbie Poster

Re: cookie spoofing

 
0
  #5
Apr 4th, 2006
Originally Posted by Redshift
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Ok, supposing I have all the cookies I need for cookie authentication, and I'm trying to run some php scripts on one site that will read in other php-generated pages. The problem I'm getting is that the site I'm grabbing from is not recognizing their own cookies or something. I have the required cookies set on my computer for that site, and I have identical ones set on the site I'm trying to run my script on. Do I have to be trying to do this from a server, or at least a computer than can run php?

Ideas?
Reply With Quote Quick reply to this message  
Join Date: Feb 2005
Posts: 355
Reputation: DanceInstructor is an unknown quantity at this point 
Solved Threads: 14
DanceInstructor's Avatar
DanceInstructor DanceInstructor is offline Offline
Posting Whiz

Re: cookie spoofing

 
0
  #6
Apr 5th, 2006
Are you using curl? You really should have started a new topic in the PHP forum.
Clear Mind Hosting and Web Design

If I've helped you please consider adding to my reputation.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Database Design Forum
Thread Tools Search this Thread



Tag cloud for Database Design
assignment avatar backup bigbrother business calendar daniweb data database databasedesign design erd europe events hacker hp ibm medicine mobilephone mysql news recovery security server sql survey uk update
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC