943,648 Members | Top Members by Rank

Web Development > Databases > Database Design > cookie spoofing
Ad:
Permalink
Jan 28th, 2004
0

cookie spoofing

Expand Post »
Is it easy or even possible for a user to create a cookie on his own and use it on a site that uses authentication with cookies?
Similar Threads
Reputation Points: 11
Solved Threads: 0
Light Poster
Dominick is offline Offline
38 posts
since Jan 2004
Permalink
Jan 28th, 2004
0

Re: cookie spoofing

Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Redshift is offline Offline
61 posts
since Jan 2004
Permalink
Jan 28th, 2004
0

Re: cookie spoofing

easy enough. thanks for the quick reply
Reputation Points: 11
Solved Threads: 0
Light Poster
Dominick is offline Offline
38 posts
since Jan 2004
Permalink
Mar 1st, 2004
0

Re: cookie spoofing

It depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss
Reputation Points: 115
Solved Threads: 2
Junior Poster
floris is offline Offline
152 posts
since Jan 2004
Permalink
Apr 4th, 2006
0

Re: cookie spoofing

Quote originally posted by Redshift ...
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Ok, supposing I have all the cookies I need for cookie authentication, and I'm trying to run some php scripts on one site that will read in other php-generated pages. The problem I'm getting is that the site I'm grabbing from is not recognizing their own cookies or something. I have the required cookies set on my computer for that site, and I have identical ones set on the site I'm trying to run my script on. Do I have to be trying to do this from a server, or at least a computer than can run php?

Ideas?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sowiebinich is offline Offline
1 posts
since Apr 2006
Permalink
Apr 5th, 2006
0

Re: cookie spoofing

Are you using curl? You really should have started a new topic in the PHP forum.
Reputation Points: 17
Solved Threads: 14
Posting Whiz
DanceInstructor is offline Offline
355 posts
since Feb 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Database Design Forum Timeline: Database Design - Supertypes and Subtypes
Next Thread in Database Design Forum Timeline: A few things i dont understand





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC